By Praveen Dalal
We are living in an era of Cyber Warfare, Cyber Terrorism, Cyber Espionage, etc. To make matters worse, we have no International Harmonisation and Regulatory Framework for areas like Cyber Law, Cyber Security, Cyber Terrorism, Cyber Warfare, Cyber Espionage, etc. Even the Tallinn Manual on the International Law is not Applicable to International Cyber Warfare Attacks and Defence. In the absence of International Harmonisation and this “Great Legal Void”, Nations are free to Interpret and Apply their own “Norms and Regulations” to International Cyber Security Issues.
As far as India is concerned, Cyber Security in India has now become an essential part of Indian Polity and Economic Affairs. For instance, the Cyber Security Policy of India would be formulated very soon. However, Cyber Security has still not been understood and applied in true perspective. We have to think about Cyber Security beyond Anti Virus, Firewalls and Hardware and Software Procurements.
To start with, Cyber Security Skills Development in India must be ensured. Without a “Capable Cyber Security Workforce”, India cannot have Effective Cyber Security. Similarly, in the absence of adequate Skills, Offensive and Defensive Cyber Security Capabilities of India cannot be achieved.
Malware has become “Sophisticated and State Sponsored” these days. Take the examples of malware like Stuxnet, Duqu, Flame, etc. that are not the work of Script Kiddies but of Professional Programmers and Coders hired by various Nations. Clearly, the face of Cyber Attacks and Cyber Security is changing rapidly, and Firewalls and Anti Virus Software stand nowhere in this scenario.
Signature based Anti Virus Software is “Long Dead” and so are simple Firewalls. Ironically, Anti Virus Updates are a Potential Tool to Install Malware, Steal Information and Launch Cyber Warfare Attacks. We need a totally different Cyber Security Infrastructure for India as on date.
Today the Malware game has reached a totally different level. Malware is not used for Fun anymore. Neither is it used merely for stealing information. Malware today is also used for rendering Computer Systems and Devices useless. The Wiper Malware overwrites the Master Boot Record (MBR) and corrupts the relevant portion of the Hard Disk. When the Computer cannot be booted, it cannot serve any purpose.
Critical Infrastructure Protection in India is another aspect that must be considered “Very Seriously” by Indian Government. The National Critical Information Infrastructure Protection Centre (NCIPC) of India must be made “Operational” as soon as possible. The Internet is Full of Unprotected and Unsafe Devices, SCADA Systems and Computers. Further, SCADA has become the new Cyber Attack Battlefield for India. The Cyber Security of Power Sector in India needs to be streamlined. Power Grids Cyber Security in India and its Challenges are now well known. Similarly, Healthcare and Medical/Life Sciences Industries are under Cyber Attack thereby risking the Lives of millions.
India must also “Absolutely Ensure” Human Rights Protection in Cyberspace. While doing so Civil Liberties and National Security Requirements Must be Reconciled by India. Issues like E-Surveillance in India, Cell Site Location Based E-Surveillance in India, Surveillance of Internet Traffic in India, Central Monitoring System (CMS) for Telephone Tapping in India, etc must be “Thoroughly Analysed” before implementing them. E-Surveillance Tools like FinFisher must be avoided at all costs.
Some “Positive Developments” have already been undertaken by Indian Government in this direction. For instance, a National Cyber Coordination Centre (NCCC) of India has been proposed to be established by Indian Government. Similarly, Regulations and Guidelines for Effective Investigation of Cyber Crimes in India may also be formulated very soon. The Indian Cyber Security Policy would be formulated very soon. The Critical Information Infrastructure Protection Agency of India may also be constituted soon. Finally, Indian Government is planning a Legislation Mandating Strict Cyber Security Disclosure Norms in India. As on date we have no dedicated Cyber Security Laws in India.