National Cyber Security Policy Of India 2013 (NCSP 2013)

PRAVEEN-DALAL-MANAGING-PARTNER-OF-PERRY4LAW-CEO-PTLBThe National Cyber Security Policy of India 2013 (NCSP 2013) (PDF) was recently declared by Indian Government. It is a Good Policy on many counts but it also failed to address many crucial aspects as well. For instance, the National Cyber Security Policy of India has failed to protect Privacy Rights in India. Nevertheless, this is a good step in the right direction and it must be updated and improved as the time passes

A sound Cyber Security Policy must be Techno Legal and Holistic in nature. It must be Techno Legal in nature so that it can accommodate both Technological and Legal aspects. It must be Holistic as it should cover as much areas as possible. It must be realistic as well as a single Policy cannot be considered to be Panacea for all Cyber Crimes and Cyber Attacks against India.

Thus, the Indian Cyber Security Policy must be supplemented by other Techno Legal Policies. For instance, the E-Mail Policy of India must supplement the Cyber Security Policy. The Cyber Security Policy must also be supplemented with the Telecom Security Policy of India and National Telecom Policy of India 2012 (NTP 2012). In fact, the National Security Policy of India must have the Cyber Security Policy as an essential component.

This NCSP 2013 intends to protect information and information infrastructure in Cyberspace, build capabilities to prevent and respond to cyber threat, reduce vulnerabilities and minimise damage from cyber incidents through a combination of institutional structures, people, processes, technology and cooperation.

The NCSP 2013 aims at facilitating creation of Secure Computing Environment and enabling adequate trust and confidence in electronic transactions and also guiding stakeholders’ actions for protection of Cyberspace. It outlines a road-map to create a framework for comprehensive, collaborative and collective response to deal with the issue of Cyber Security at all levels within the country. It also recognises the need for objectives and strategies that need to be adopted both at the National level as well as International level.

The NCSP 2013 envisages a vision and mission statement aimed at building a secure and resilience Cyberspace for citizens, businesses and Government. It strives to enable goals aimed at reducing national vulnerability to cyber attacks, preventing cyber attacks and cyber crimes, minimising response and recover time and effective cyber crime investigation and prosecution. It intends to facilitate monitoring key trends at the national level such as trends in cyber security compliance, cyber attacks, cyber crime and cyber infrastructure growth.

The Objectives of the NCSP 2013 include to create a secure cyber ecosystem in the country, generate adequate trust and confidence in IT system and transactions in cyberspace and thereby enhance adoption of IT in all sectors of the economy,  to create an assurance framework for design of security policies and promotion and enabling actions for compliance to global security standards and best practices by way of conformity assessment (Product, process, technology and people), to strengthen the Regulatory Framework for ensuring a Secure Cyberspace Ecosystem, to enhance and create National and Sectoral level 24X7 mechanism for obtaining strategic information regarding threats to ICT infrastructure, creating scenarios for response, resolution and crisis management through effective predictive, preventive, protective response and recovery actions, to improve visibility of integrity of ICT products and services by establishing infrastructure for testing & validation of security of such product, to create workforce for 5,00,000 professionals skilled in next 5 years through capacity building skill development and training, to provide fiscal benefit to businesses for adoption of standard security practices and processes, to enable Protection of information while in process, handling, storage and transit so as to safeguard privacy of citizen’s data and reducing economic losses due to cyber crime or data theft, to enable effective prevention, investigation and prosecution of cyber crime and enhancement of low enforcement capabilities through appropriate Legislative Intervention.

Although the Objectives and Aims of the NCSP 2013 are Laudable yet their “Actual Implementation” is the real problem. India has not been able to achieve these Cyber Security Objectives so far. Since India is a late entrant in the Cyber Security field, it would only be fair to give it some more time to implement these Objectives successfully.

National Security Policy Of India Needs Techno Legal Boost

PRAVEEN-DALAL-MANAGING-PARTNER-OF-PERRY4LAW-CEO-PTLBNational Security has undergone a see change these days. It is wrong to assume that the National Security Policy is confined to traditional threats alone. National Security of India is facing many challenges these days that are mainly attributable to the use and abuse of Information and Communication Technology (ICT).

For instance, Cyber Crimes, Cyber Attacks, Cyber Security Incidences, Cyber Warfare, Cyber Terrorism, Cyber Espionage, etc are some of the problems that are peculiar to the contemporary times. These threats are intimidating the National Security of India by striking at the Financial, Economic, Social and Political Environment of India.

An implementable Techno Legal Crisis Management Plan of India for Cyber Attacks and Cyber Terrorism is need of the hour. The National Cyber Coordination Centre (NCCC) of India must also be made operational immediately.

Critical Infrastructure Protection in India must also be ensured by Indian Government. For instance, Supervisory Control and Data Acquisition (SCADA) Systems is a favourite target for Cyber Criminals and Cyber Terrorists. By targeting SCADA these cyber miscreants can damage the Critical Infrastructure of India. We must ensure sufficient Cyber Protection of SCADA Systems in India in general and Critical Infrastructure in particular.

Malware like Stuxnet and Duqu have already shown how Critical Infrastructures and SCADA systems are vulnerable to Cyber Attacks. Indian Critical Infrastructures have also been targeted by these Malware. It is believed that Stuxnet was responsible for shutting down an Indian Communication Satellite. These Malware have also been targeting Indian Nuclear Systems and Facilities.

The National Critical Information Infrastructure Protection Centre (NCIIPC) of India, established under the guidance and control of Defence Research and Development Organisation (DRDO) must also play a more pro active role in this regard.

Although NCIIPC has issued the Guidelines For Protection of National Critical Information Infrastructure in India (PDF) yet the role of NCIIPC in India is still not clear due to absence of a Gazette Notification by the Government of India under section 70A of the Information Technology Act, 2000.

Recently DRDO sought Penal Provisions in National Telecom Security Policy of India for Telecom Companies violating the norms. However, recently the Computer Systems of DRDO and Security Officials were breached and Sensitive Files were leaked. Thus, DRDO must also enhance its own Cyber Security besides managing the Cyber Security of other Institutions.

We must develop Offensive and Defensive Cyber Security capabilities of India. A Cyber Command for Armed Forces of India is already in pipeline. The Cyber Command has also become necessary as Countries across the world have started utilising Cyber Attacks and Malware against others. As per a recent report, U.S. is the Biggest Buyer of Malware in the world.  Similarly, Global Cyber Espionage Networks are being actively used to spy and engage in E-Surveillance on other Countries. The command and control servers of Malware FinFisher were also found in 36 countries, including India.

Indian Government must Reconcile Civil Liberties and National Security Requirements in India. While protecting the National Security, Civil Liberties Protection in Cyberspace must also be ensured. Recently, United Nations passed a resolution approving Right to Privacy in the Digital Age.

However, India is in no mood of complying with that resolution. India has launched Illegal and Unconstitutional Projects like Aadhar, Central Monitoring System (CMS), National Intelligence Grid (Natgrid), Crime and Criminal Tracking Networks and Systems (CCTNS), etc without any Parliamentary Oversight and Legal Frameworks. In fact, the Internet Spy System Network and Traffic Analysis System (NETRA) of India has been proposed by Indian Government without any Legal Framework.

There is also a lack of Cyber Security Legal Practice in India. Not many Law Firms are providing Legal Services in the field of Cyber Security as it requires Techno Legal Expertise. Indian Government is planning a Legislation mandating strict Cyber Security Disclosure Norms in India. Further, Cyber Law Due Diligence requirements in India are also going to increase in India.

Cyber Security is an essential part and component of National Security of India. Indian Government must keep this fact in mind and draft a suitable Techno Legal National Security Policy of India.

DRDO Seeks Penal Provisions In National Telecom Security Policy Of India For Telecom Companies Violating The Norms

DRDO Seeks Penal Provisions In National Telecom Security Policy Of India For Telecom Companies Violating The NormsCyber security is a very broad field that covers multiple facets of information and communication technology (ICT). One of the segments of cyber security pertains to telecom and mobile cyber security. Mobile cyber security in India is still missing and even mobile banking cyber security in India is in a bad shape. There is an urgent need to ensure mobile cyber security in India.

Recently, the national cyber security policy of India 2013 and national telecom policy of India 2012 were released by Indian government. It would even be better if an implementable national telecom security policy of India is formulated as well as soon as possible.

As of now the telecom service providers of India are openly flouting the laws of India. They are not following the cyber law due diligence in India. For instance, Airtel and Tata Teleservices Limited are violating cyber law of India in general and Internet Intermediary Rules of India in particular. These violations must be punished by Department of Telecommunication (DoT) and Telecom Regulatory Authority of India (TRAI).

Now Business Standard has reported that Defence Research and Development Organisation (DRDO) has communicated to the Department of Telecommunications (DoT) that the proposed National Telecom Security Policy should have a framework to penalise telecom service providers if they fail to abide by the norms. This is a sensible recommendation keeping in mind the cyber security interests of India.

DRDO has said that telecom service providers should endure that user data is not revealed or duplicated or copied or shared with recipients other than those designated by the sender, and should ensure that user data is not being routed outside the infrastructure within India when the end points of communication are inside Indian territory. This means that telecom service providers of India have to comply with the proposed e-mail policy of India.

Of course, there cannot be any bar from disclosure and sharing when the laws of India and foreign jurisdictions as well as court orders warrant so. Similarly, in cases of cyber crimes and cyber security breaches there should be an obligation on the part of Indian telecom service providers to comply with Indian laws. In fact, Indian government is planning a legislation mandating strict cyber security disclosure norms in India.

Telcos will require ensuring authentication of end user, authorised access to services and attribution of activities and payloads to end users. The attribution in the form audit, forensic and tracking mechanisms should ensure tracking of inappropriate use, criminal activities and enforcement of IT and cyber security laws of the Government.

Earlier, the Government had differences with Blackberry over the encrypted message and email services the firm provides to customers. Fearing that such encrypted services can be used to plan and execute terrorist strikes, India had also threatened to ban the providers of such services if they failed to accommodate the legitimate demands of law enforcement agencies.

India Must Ban Gmail And Yahoo E-Mails For Official Communications

India Must Ban Gmail And Yahoo E-Mails For Official CommunicationsFor too long companies like Google have been denying to follow the laws of India by citing its own governing laws and policies. There are many reasons why companies like Google can take Indian laws and Indian cyber security for granted. The chief among them is lack of a strong and effective techno legal framework to regulate companies like Google.

Technology companies like Yahoo, Google, etc have been accused of providing a direct entry to the intelligence agencies of United States into their servers and data centres. Similarly, intelligence agencies like national security agency (NSA) are covertly gaining access to the data centres of Google, Yahoo, etc.  James Clapper, the director of NSA, has also confirmed that NSA is targeting foreign nationals, including Indians, for e-surveillance and eavesdropping activities of NSA.

India is a late entrant in the field of cyber security and it is only now that the cyber security policy of India has been formulated. Now Indian government is trying to cover the field step by step. In a move to safeguard its critical and sensitive data and to minimise external spying, the government announced that it could ban e-mail services such as Gmail and Yahoo for official communications by December this year. The government had declared that all official communications will take place through the National Informatics Centre (NIC’s) email service.

The Department of Electronics and Information Technology (DEITY) is currently drafting a policy on e-mail usage for government offices and departments and the policy is almost ready. The policy seeks to protect the large amount of critical government data and is expected to cover about 5-6 lakh Central and State government employees for using the email service provided by NIC.

The new initiative was recommended by a section in the government, especially intelligence agencies, over use of email services, provided by the US-based firms having their servers located in overseas locations, making it difficult to track if sensitive government data is being sneaked into. They have even recommended establishment of servers in India by Internet telephony and VOIP service providers in India.

Companies like Google, Yahoo, etc must also be asked to establish their respective servers in India so that Indian laws can be given effect to maximum extent. Presently, Google has been refusing to entertain legally valid requests from Indian law enforcement agencies and Indian attorneys.

Meanwhile, the BRICS nations, Brazil, Russia, India, China and South Africa, are building their own high-speed Internet free of the U.S. influence. Tech firms have started massive lobbying in Brazil to stall a legislation that may force Google, Facebook and other Internet companies to store locally gathered data inside Brazil. India is also required to formulate strict techno legal legislations that can force the companies like Yahoo, Google, Microsoft, Facebook, etc to compulsorily establish servers and technology infrastructure in India. While doing so the lobbying by these technology companies must not be given any importance in India as it has already caused big loss for Indian cyberspace.

When both U.S. technology companies and U.S. government are ignoring complying with Indian laws and even the mutual legal assistance treaty (MLAT) between U.S. and India has proved to be mere sham, there is no sense in delaying enactment of a techno legal framework in this regard.

Cyber Security Of E-Governance Services In India Is Needed

Lock backgroundElectronic governance (e-governance) is a valuable tool in the hands of Indian government to deliver public services in an economic, transparent and accountable manner. Presently there is no dedicated legal framework for e-governance in India.

Similarly, there is no law that can ensure compulsory e-delivery of public services in India. The proposed draft electronic delivery of service bill, 2011 of India is yet to become an applicable law and binding obligation upon central government and state governments.

Naturally, e-governance in India is dying and Indian government has to do a good amount of hard work to keep it alive. There are many hurdles before the successful implementation of e-governance projects in India. However, nothing is more dangerous and more worrisome than implementing the e-governance projects of India without adequate cyber security.

Cyber security of e-governance projects of India is still not contemplated by Indian government. This can be well understood as when even implementation of e-governance is in poor state one cannot expect safe and cyber secure e-governance services in India.

Indian government has recently admitted that it acted very late for drafting the cyber security policy of India 2013. Even the cyber security policy is deficient on many counts. Further, actual implementation of the cyber security policy of India is still to be achieved that would be a mammoth task in the absence of adequate cyber security expertise.

Indian government has been repeating mistakes after mistakes even if it is warned much in advance. For instance, Indian government is adamant on wasting public money on illegal and unconstitutional projects like Aadhaar. After wasting many crores Indian money, it is only now that the Supreme Court of India has declared that Aadhaar card is not mandatory for availing public services in India.

Similarly, Indian government is pushing mobile banking without realising its risks and without ensuring sufficient mobile banking cyber security in India. We do not have any mobile payments cyber security in India as on date. Mobile frauds and online banking frauds have increased tremendously and cyber crime conviction rates in India are almost none. India is not ready for mobile governance as on date and even mobile governance and e-authentication in India needs to be ensured.

Private banks are implementing online banking related projects in India without any cyber law due diligence and proper project appraisal. Recently, the ICICI bank has launched an initiative titled Pockets that allows transfer of funds through a Facebook account. Initiatives like these are not in strict compliance with the cyber and banking laws of India. The ICICI bank’s pockets initiative may be insecure and violative of Indian laws.

Luckily, the Reserve Bank of India has made the security and risk mitigation measures for card present transactions in India enforceable from 1st October, 2013. This has put the onus of secured card transactions upon banks and they cannot fool the victims’ customers in this regard.

Cyber security in India must be improved so that public services can be better delivered through the mode of e-governance and mobile governance. Similarly, cyber security legal practice must be encouraged and developed in India so that cyber crimes and cyber security related breaches can be properly prosecuted.

Indian government is also required to formulate adequate e-governance cyber security policies for India and implement the same in true letter and spirit. Till then relying upon Indian e-governance services, barring few exceptional ones, is a risky proposition and must be avoided.

Is ICICI’s Facebook Application Pockets Violating Indian Cyber And Banking Laws?

RBI Exploring Use Of Encrypted SMS Based Fund Transfers In IndiaEngaging in an online business or transaction requires compliance with various laws of India. If the online business or transaction pertains to banking industry, especially online transfer and receiving of money, the applicable provisions can include the internet banking guidelines, mobile banking security practices, e-commerce regulations and compliances, risk management for card present transactions, etc.

Cyber security of banks in India is still not taken seriously. Banks are not interested in ensuring cyber security of electronic transactions. The recommendations of Reserve Bank of India (RBI) to ensure cyber security, appointment of chief information officers (CIOs), establishing a steering committee at board level, etc has remained unfulfilled. Even RBI has warned banks for inadequate cyber security.

In a significant development, the deadline for ensuring security and risk mitigation measures for card present transactions in India would come to an end on 30th September 2013. Banks that have failed to comply with these guidelines would be not only liable to be punished but they would also be required to bear the losses arising out on insecure card transactions.

Recently, the ICICI bank has launched a web application named “Pockets” in association with Facebook. The web based application would allow account holders of ICICI to use Facebook application to transfer and receive money online. However, some individual(s) have raised their doubts about the legality and security of ICICI’s pockets application. Further, it is users’ responsibility to ensure safety of their computers/devices for using this application.

The online banking system of India is still not secure. Even allegations of ICICI’s online banking system being insecure were leveled in the past.  If these allegations are true, then this is a serious cyber security lapse on the part of ICICI bank and it must be addressed properly. As far as the ICICI’s Facebook application pockets is concerned, ICICI must address both cyber security and legal issues as some have demanded attention of Reserve Bank of India (RBI) in this regard.

ICICI Bank states that all banking activities will take place on the bank server only. While you see the Facebook frame, the activities will happen on ICICI Bank’s server. The bank claims that the Facebook application is as secure as their Net banking platform. Although all consumer disputes and legal claims must be directed to ICICI bank but Facebook cannot deny its liability under Indian laws, especially cyber law of India. Only time would tell how this initiative of ICICI would work for the consumers, Facebook and ICICI.

Mobile Payments Cyber Security In India Needed

Mobile Payments Cyber Security In India NeededWe have heard a lot about mobile banking in the recent past. This euphoria can be well understood keeping in mind the attraction towards changes that technology can bring into our lives.

However, technology can also cause problems for us. Incidences of ATM frauds, credit card frauds, phishing, RTGS frauds, Internet banking frauds, etc have increased significantly in India. Malware targeting mobiles specifically have also raised the threat level further. On top of it we have poor adoption cyber security practices and policies by banks of India. In short, the online banking system of India is not cyber secure.

The truth is that India is not ready for mobile governance as on date. Mobile banking cyber security in India is still missing and the same must be established on a priority basis.

Reserve Bank of India (RBI) has taken some very significant policy steps to boost cyber security of Indian banks. However, banks of India have failed to comply with various regulations and guidelines of RBI in this regard.

The banking infrastructure of India is wide open to be exploited by cyber crooks and we are not at all ready to deal with the same. As a result litigations between bank customers and banks have increased significantly. The RBI Ombudsmen is already flooded with complaints pertaining to ATM frauds, credit card frauds, excessive charging, etc.

Similarly, bank consumers have approached the adjudication officers of various States of India under the Information Technology Act, 2000 to get their grievance redressed. In many case, the adjudication officers have held the banks liable for various financial frauds for which the consumers have suffered the losses.

As per the media reports, RBI is exploring use of encrypted SMS based fund transfers in India for expanding the reach of banking to remotest corners of India. This is another significant suggestion by RBI that would have both positive and negative consequences.

Pushing such a service without proper mobile payments cyber security infrastructure in India would be a bad policy decision on the part of RBI. The RBI must first ask the banks of India to strengthen their cyber security infrastructure and then only expect some development in this regard. For instance, Malware Dump Memory Grabber has been targeting POS systems and ATMs of major US banks. The same can also happen for Indian banks.

Similarly, the cyber security awareness in India is also missing. Bank consumers must be made well aware of the dangers of malware, viruses and social engineering tactics. The hardware providers in India have already been asked to make available cyber security brochures along with their sold hardware equipments to raise cyber security levels among masses.

Till banks are made liable and accountable for non adoption of cyber security practices, all technology driven initiative of RBI are meaningless. This would only create more problems than solutions.

RBI Exploring Use Of Encrypted SMS Based Fund Transfers In India

RBI Exploring Use Of Encrypted SMS Based Fund Transfers In IndiaThe ideals of mobile banking in India are not new. We have seen media reports from time to time regarding suggested use of mobile banking in India. Although the idea is good yet its actual implementation is far from being accomplished.

There are many techno legal issues that are hindering the use of mobile banking in India. Absence of cyber security culture among the banks in India is the main reason for the failure of mobile banking in India.

The Reserve Bank of India (RBI) has been playing an active role to inculcate sense of cyber responsibility among banks of India. However, all its efforts have proved to be a waste till now in the absence of time bound results and stringent penalty provisions for failure to comply with RBI’s directions.

Similarly, the Internet banking guidelines in India by RBI must be further refined keeping in mind the ever increasing Internet banking frauds in India. Cyber security of banks in India is in a very poor state. Cyber security due diligence for banks in India must also be ensured by RBI that is presently missing. Although appointment of chief information officers (CIOs) has been made mandatory for all banks in India yet till now banks have not followed this requirement. Norms for mobile governance and e-authentication in India is also missing as on date.

As per the latest announcement of RBI, it has been considering setting up of a committee to examine feasibility of encrypted SMS-based fund transfers. RBI would set up a technical committee to examine the feasibility of using encrypted SMS-based funds transfer using an application that can run on any type of handset.

Smart phones are vulnerable to all sorts of malware and cyber attacks. For instance, Android is facing serious malware issues and such vulnerable phones cannot be kept in loop for mobile banking purposes. Absence of mobile cyber security in India can frustrate the efforts of RBI in this regard.

Mobile banking cyber security in India is urgently required on a priority basis before we start using mobile banking or related services in India. For the time being India is not ready for mobile governance and its mindless use may bring counterproductive results.

Imported Software And Hardware Testing For Embedded Malware Postponed Till 1st April 2014 By India

Imported Software And Hardware Testing For Embedded Malware Postponed Till 1st April 2014 By IndiaForeign hardware and software vendors have been facing the telecom security heat around the world. Even in India there have been lots of security concerns regarding imported electronic hardware and software components.

For instance, Huawei and ZTE have already faced telecom security issues in India. Similarly, India is also considering making the norms for import of telecom equipments in India more stringent. The security agencies of India have gone to the extent of even suggesting for the developing indigenously manufactured cyber security software.

India experts have also suggested starting India’s own social media platforms. India has also proposed a new policy that would give preferential market access (PMA) to domestic telecom manufacturers for government contracts. Clearly, the Indian mood is to support and encourage indigenously manufactured hardware and software components.

Foreign hardware and software vendors can relax a little bit in this regard as Indian government has postponed the testing requirement till April 1, 2014. This comes as a big relief to all imported mobile phones, sim cards, 3G & 4G base stations, customer database servers, etc that would have been required to undergo the requisite telecom security testing.

The earlier deadline for this testing was 1ST October 2013 but the absence of global standards for conducting security tests on handsets, sims and telecom network devices, and lack of clarity on who will set up the proposed test lab in the country has delayed the project.

The document for accreditation of testing labs is now likely to be released by October 2013, instead of September, while the accreditation process itself will start from January 1, 2014, according to an internal telecom department document seen by Economic Times.

Till now 25 telecom products have been identified in India that will be screened at an authorised test lab in India. Twelve of these items have been classified “high risk items”, which need to be “security checked” from April 1 now.

Telecom operators had opposed the October 1 date, saying that there were still no established global telecom standards for security testing of core network elements, mobile handsets and sim cards.

Some handset makers had even suggested that subjecting imported handsets to security checks would hurt growth since smartphone makers would be unable to launch latest devices in India on time.

The home ministry of India, however, has repeatedly warned that “the embedded software can be manipulated”.

Cyber Law Due Diligence For European Business Would Be The New Trend

Cyber Law Due Diligence For European Business Would Be The New TrendCyber law due diligence in India is well known though a majority of Indian entrepreneurs operating e-commerce and online businesses are openly flouting the same. This may be due to ignorance of due diligence requirements of India or due to the fact that Indian government has not started punishing the violators yet. As a result e-commerce frauds, offences and crimes have significantly increased in India.

On the other hand other jurisdictions are taking good interest in tackling the violations by various online communities and entrepreneurs. For instance, United States has shut down 1677 illegal online pharmacies websites. Similarly, the European Union has declared that any business found to be engaging in hacking or any other cyber crime would be closed down.

This is a serious threat to those businesses that depend primarily upon unethical and illegal activities to survive. Similarly, this is also a warning note to those businesses that do not give proper attention to cyber law and cyber security requirements.

As per the new EU framework, member states must take necessary measures to make sure that firms who indulge in any kind of cyber crime can now be held accountable. The rules allow member states to serve punishment even if an employee carried out hacking without bosses’ knowledge. This is more on the lines of “strict liability” that business houses and owners must keep in mind.

Similarly, this would also require the businesses to appoint chief information officers and chief technology officers so that their business interests can be adequately safeguarded. In India this appointment of CIO has been made mandatory for the banks of India by Reserve Bank of India (RBI). However, till now banks of India are not following this requirement.

However, EU is not indifferent like India regarding cyber crimes and cyber law due diligence requirements. The proposed framework has prescribed sanctions that include exclusion from entitlement to public benefits or aid; temporary or permanent disqualification from the practice of commercial activities; placing under judicial supervision; judicial winding-up; temporary or permanent closure of establishments which have been used for committing the offence, etc.

Of late cyber attacks against critical infrastructure of EU countries have increased a lot. These are not ordinary attacks but are very sophisticated malware attacks that require urgent attention of EU regulators. The present framework may be the result of these growing cyber attacks.