Encryption Policy and Cyber Security Problems in India

With rapid urbanisation and the concept of smart cities, which depend mainly on information and communication technologies (ICT) to provide public services, we can expect cyber attacks on the important ICT-enabled infrastructure of smart cities. In fact, it was reported in 2014 that there was a 136% increase in cyber threats and attacks against Indian government organizations as compared to the previous year. Similarly, there was a 126% increase in attacks targeting financial services organizations. There is no doubt that India needs a strong cyber security infrastructure.

National Cyber Security Policy

Strange but true, India had no cyber security policy till 2012. It was on 2 July 2013 that the Government of India passed the National Cyber Security Policy, which was put forward by the Department of Electronics and Information Technology (DeitY) under the Government of India. The basic objective was to protect public and private infrastructure from cyber attacks and also to protect all kinds of information, such as personal information of web users and banking and financial information, including sovereign data. However, India’s national cyber security policy of 2013 has still not been properly implemented by the Government, and we are now waiting for the announcement of the cyber security policy of India 2015.

India’s encryption policy drafted and then withdrawn

There was a huge hue and cry among the digitally advanced citizens of the country a few months back over the draft encryption policy. The policy was formulated by an expert group set up by the DeitY under Section 84A of the IT Act, 2000. Under it, the Government would have access to all encrypted information, including personal emails, messages or even data stored on private servers. The policy wanted users to store all encrypted communication for at least 90 days, including messages on WhatsApp, Facebook, Twitter, etc. But immediately after its announcement, the policy had to be withdrawn due to public furore.

Cyber Security Challenges in India

• Cyber security is not an easy process to manage. It requires both technological expertise and legal compliance, which are lacking in the country.
• There are no dedicated cyber security laws in India except the IT Act 2000, which also has its drawbacks, such as lack of privacy, lack of civil liberties protection, absence of cyber security breach disclosure norms, etc.
• The Information Technology Act (IT Act 2000) was passed to govern legal issues of e-commerce, e-governance, cyber crimes, etc. But, according to experts, new and better techno-legal laws must be enacted in place of the old law.
• On 13 April 2015, the government announced that the Ministry of Home Affairs would form a committee of officials from the Central Bureau of Investigation, Intelligence Bureau, Delhi Police, National Investigation Agency and the ministry itself to produce a new legal framework. It is yet to see the light of day.
• Many critical issues need to be taken care of such as critical infrastructure protection, cyber warfare policy, cyber terrorism, e-commerce cyber security, e-governance cyber security, cyber security of banks, etc.
• The cyber security obligations of stakeholders such as e-commerce websites, directors of companies, law firms, thermal power sector, power and energy sector, Government departments, etc. must be properly understood and effectively implemented in India.

Types of security threats

• Hacking
• Child Pornography
• Cyber Stalking
• Denial of Service
• Dissemination of Malicious Software (Malware) such as viruses, worms, Trojans, hoaxes, spyware
• Phishing
• Data Theft
• Data Security Network sabotage etc.

Conventional cyber crimes

• Cyber Defamation
• Corporate Cyber Smear
• Digital Forgery
• Online Gambling
• Online sale of illegal articles
• E-mail spamming/ e-mail bombing

Some cyber attacks in India

• In June 2012, cyber attacks were reported on the Indian Navy’s Eastern Command systems.
• On July 12, 2013, just a few days after the release of the National Cyber Security Policy, several high-level GOI officials reported their emails had been hacked.
• A later report revealed that almost 12,000 systems were hacked, including systems from the Ministry of External Affairs, Defence Research and Development Organisation, Ministry of Home Affairs, National Informatics Centre, etc.
• There are also a few reports of Pakistan indulging in threatening cyber warfare. Hacker groups based out of Karachi and Lahore have in recent years managed to hack the websites of the Central Bureau of Investigation (CBI) and the Bharat Sanchar Nigam Limited (BSNL), mostly to leave hate mail.
• It is widely believed that regional terrorist outfits, like the Indian Mujahideen (IM), have also made use of social media sites to communicate effectively.

Some solutions

• The present Modi government must take the cyber security of the country seriously, considering the ever-increasing cyber security challenges in India.
• It is time for India to be cyber prepared to protect its cyberspace.
• The draft of the National Cyber Security Policy of India 2015 should be completed as soon as possible.
• There must be a dedicated cyber security law of India, keeping in mind contemporary cyber security threats.
• Cyber security disclosure norms in India must also be formulated.
• Cyber security awareness in India must be further improved and spread so that various stakeholders can also effectively take part in the implementation of the cyber security initiatives of the Indian government.
