Cyber security awareness in India is low and the same applies to law enforcement and intelligence agencies of India as well. In order to spread public awareness regarding cyber security in India, the cyber security awareness brochures in India have been mooted by Indian government.
However, the efforts of India government for ensuring cyber security in India are not adequate. Naturally, the cyber security infrastructure in India is still not effective. Even the offensive and defensive cyber security capabilities of India are not adequate.
At Perry4Law Organisation and Perry4Law’s Techno Legal Base (PTLB) we believe that we must formulate and implement the cyber security policy of India as soon as possible. The national critical information infrastructure protection centre (NCIPC) of India must be established as soon as possible. The NCIIPC of India has failed to materialise so far and this is a serious setback to the national cyber security of India.
The national cyber coordination centre (NCCC) of India has been proposed to be established by Indian Government. It has also been reported that a cyber security council for India has been formulated. However, till now there is no sign of actual implementation of these ambitious projects. The truth is that till now we have no critical information infrastructure protection agency in India.
India has been facing serious cyber attacks including attacks upon India’s critical infrastructure. In these circumstances, critical infrastructure protection in India and critical ICT infrastructure protection In India becomes absolutely essential. Even the critical ICT infrastructure protection policy of India is need of the hour.
For instance, the cyber security of Indian satellites and critical infrastructure is a big challenge. Malware like Flame, Stuxnet and Duqu have already shown how critical infrastructures and SCADA systems are vulnerable to cyber attacks. Similarly, these Malware have also been targeting Indian nuclear systems and facilities. Even airline pilot flight systems and communications can be compromised with much ease. The healthcare and medical/life sciences industries are also under cyber attack.
India is presently facing threats of cyber warfare, cyber terrorism, cyber espionage, etc. India cannot afford to take cyber intrusions and cyber attacks lightly. We have no international harmonisation and regulatory framework for areas like cyber law, cyber security, cyber terrorism, cyber warfare, cyber espionage, etc. Even the Tallinn manual on the international law is not applicable to international cyber warfare attacks and defence.
Even the government computers have been comprised successfully in India in the past. Recently Indian National Informatics Centre’s (NIC) server were compromised and used to attack computers of other nations. Recently, the computer systems of DRDO were breached and sensitive files were leaked.
There are many glaring cyber security problems of India that must be addressed on a priority basis. Similarly, we must also ensure cyber security skills and capabilities development in India. In short, Indian cyber security problems, issues and challenges management must be properly appreciated and adequately taken care of.
All these aspects must be kept in mind while formulating the cyber security best practices of India. The national telecom policy of India 2012 must be suitably amended to ensure telecom equipments security in India. We have no dedicated telecom equipment testing facilities in India. However, Indian government has in the past declared that telecom equipments must be certified by TEC in India before use. India must also establish a telecom equipments security framework of India. The norms for import of telecom equipments in India must also be formulated very soon.
Malware are comfortably evading anti viruses as browser based malware grow. The anti virus updates are a potential tool to install malware, steal information and launch cyber warfare attacks. Naturally, India must be double sure about using anti virus products of other nations. Internet is full of unprotected and unsafe devices, SCADA systems and computers and the share of Indian computers in such vulnerable systems must be as less as possible.
A public interest litigation (PIL) has been filed in the Supreme Court of India to require Indian government to formulate regulations and guidelines for effective investigation of cyber crimes in India. Indian government is also planning a legislation mandating strict cyber security disclosure norms in India.
India is seen as an important player in ensuring international cyber security and preventing global cyber crimes. Not only the role but also the responsibilities of India would increase in the near future. The sooner India prepares itself for cyber battles the better it would be for the larger interest of the nation.