Wednesday, November 4, 2015

Smart Cities Cyber Security In India: The Problems And Solutions

Smart cities are the future of urbanisation and population sustainability. The aim of smart cities is to provide a conductive environment for living, commercial activities, healthcare and overall development. Smart cities also predominantly rely upon use of information and communication technologies (ICT) to render public services. Wherever applicable, Internet of Things (IoT) (PDF), cloud computing and virtualisation and machine to machine (M2M) system usage is also there. However, this omnipresent usage of ICT, IoT, M2M, cloud computing, etc has a potential drawback as well in the form of indifference towards smart cities cyber security.

It is not difficult to visualise a scenario of cyber attacks against the critical infrastructures of the smart cities that are run by ICT and technology. Such a cyber attack can cripple the entire smart city if properly executed. Critical infrastructure protection in India (PDF) is still at nascent stage. The national cyber security policy of India 2013 is also very weak and even that has not been implemented by Indian government so far. The much awaited cyber security policy of India 2015 is also missing so far.

A strong cyber security infrastructure of India is need of the hour especially when there is no well settled international legal issues of cyber attacks that can be invoked in the case of a cyber incidence. It is very important that international legal issues of cyber attacks must be resolved by various government and non government stakeholders. There is no globally acceptable cyber law treaty and cyber security treaty (PDF) that can govern the relationships between various countries.  Even the Tallinn Manual on the International Law Applicable to Cyber Warfare  (PDF) is just an academic document with no legal binding obligations. The truth is that Tallinn Manual is not applicable to international cyber warfare attacks and defence and countries are free to take measures as per their own choices.

This has necessitated that cyber security related projects in India must be not only expedited but they must also be successfully implemented as soon as possible. Unfortunately, cyber projects like National Cyber Coordination Centre (NCCC) of India, National Critical Information Infrastructure Protection Centre (NCIPC) of India, Grid Security Expert System (GSES) of India, National Counter Terrorism Centre (NCTC) of India, Cyber Attacks Crisis Management Plan of India, Crisis Management Plan Of India For Cyber Attacks And Cyber Terrorism, Cyber Command For Armed Forces Of India, Tri Service Cyber Command for Armed Forces of India, Central Monitoring System (CMS) Project of India, National Intelligence Grid (Natgrid) Project of India, Internet Spy System Network And Traffic Analysis System (NETRA) of India, Crime and Criminal Tracking Network and Systems (CCTNS) Project of India, etc have still not been implemented successfully by Indian government.

This raises the pertinent question as to how Indian government would ensure cyber security of smart cities in India. We at Centre of Excellence for Cyber Security Research and Development in India (CECSRDI) believe that Modi government must take cyber security seriously. The cyber security challenges in India would increase further and India must be cyber prepared to protect its cyberspace. CECSRDI believes that the starting point is to draft the cyber security policy of India 2015 as the 2013 policy is highly defective and of little significance. We also believe that a dedicated cyber security law of India is need of the hour. The same must be a techno legal framework keeping in mind contemporary cyber security threats. Further cyber security disclosure norms in India must be formulated by Modi government. The cyber security awareness in India must be further improved so that various stakeholders can contribute significantly to the growth and implementation of cyber security initiatives of Indian government.

Saturday, October 31, 2015

Cyber Security Law Firms In India

About four years back, India's leading techno legal ICT law firm Perry4Law wrote about cyber security legal practice in India. The article was very clear in its message that techno legal fields like cyber law, cyber security, cyber forensics, cyber warfare, cyber terrorism, etc are not the preferred field of legal practice for law firms and lawyers in India and other countries. The main reason for avoiding cyber security legal practice was lack of expertise to manage complicated cyber security related issues. Only law firms like Perry4Law have been managing techno legal issues of cyber security, cyber law, cyber forensics, e-discovery, etc in India so far.

Then came the positive development and lawyers and law firms
started exploring the areas like cyber law, cyber security, cyber forensics, etc. Although the number of such lawyers/law firms is negligible yet the growing interest in the techno legal fields would increase such numbers in future. Further, techno legal issues would also change the way traditional businesses and transactions would be carried out in future. For instance concepts like cyber insurance, online dispute resolution, e-courts, digital evidencing and e-discovery, media forensics, cyber forensics, etc would be very much used in future.

However, technology laws have their own peculiar problems. Cyber laws are generally curative in nature as against the desirable preventive requirements. They are formulated keeping in mind the crimes/cyber crimes that have already taken place instead of what cyber crimes can possibly happen in future. In short, cyber laws must be “futuristic” in nature as against “historical” in their applicability. This brings novel legal challenges before lawyers and law firms as cyber security legal practice becomes very challenging and research oriented field.

Cyber crimes and cyber attacks have increased tremendously world over. No country is safe from cyber crimes and sophisticated cyber attacks. Despite this position there is no method or procedure to asertain international legal issues of cyber attacks. Perry4Law Organisation (P4LO) has been managing the exclusive techno legal blog on international legal issues of cyber attacks and the same can be accessed here. Further, to spread public awareness in the techno legal fields, P4LO has also been providing global techno legal news and views and the same can be accessed here. A virtual law campus (VLC) has also been launched by Perry4Law's Techno Legal Base (PTLB) so that skills developments in the fields like cyber law, cyber security, e-discovery, cyber forensics, etc can be ensured for various stakeholders including lawyers.

With issues like cyber espionage and cyber warfare, the traditional armed forces and legal fraternity are now collaborating upon a very unique platform where lawyers need to have a sound knowledge of both law and technology. It seems the techno legal community alone would be able to dare to explore issues like cyber law, cyber security, etc in future.

Thursday, October 29, 2015

International Legal Issues Of Cyber Attacks By Perry4Law Organisation (P4LO)

Anybody who has dealt with international cyber law and cyber security related issues must be aware that it is really tough to solve such cases. Being transnational in nature, cyber law and cyber security issues require international cooperation among various nations and law enforcement agencies.

For instance, if a simple exercise of internet protocol tracking is undertaken, it takes months before any information is received from a foreign jurisdiction. Even in such cases, these are exceptional cases and not a general practice. In this process, the crucial digital evidence is lost forever and the cyber crimes investigation becomes a cold trail.

As there is a severe conflict of laws in cybersapce, it is very important to be aware of various technology related laws of various jurisdictions. However, it is not possible to be aware of all the laws of various jurisdictions. In order to spread public awareness in this regard, Perry4Law Organisation (P4LO) has been managing a dedicated blog on international legal issues of cyber attacks and cyber security. It is the exclusive techno legal blog on the topic not only in India but in entire world.

The blog has covered many techno legal aspects like use of cyber espionage malwares, need for the national security policy of India, legal immunity against cyber deterrent acts in India, open source intelligence through social media websites, protection of Indian cyberspace, national counter terrorism centre (NCTC) of India, cyber security challenges of India, cyber preparedness of India, the Wassenaar Arrangement and cyber security issues, intelligence agencies reforms in India, banking cyber security, techno legal analysis of Gameover Zeus, cyber crimes insurance in India, smart cities cyber security in India, etc.

As on date we have no dedicated cyber security laws in India. This is the reason why cyber security is more ignored than complied with in India. Even the blooming e-commerce industry of India is devoid of required cyber security practices and requirements. Cyber security of banks in India is also not upto the mark. This has forced the Reserve Bank of India to constitute a IT subsidiary that would consider, monitor and prescribe cyber security related rules, regulations and practices for banks in India. Even the Companies Act 2013 has prescribed cyber security obligations for the directors of companies. This is in addition to the cyber law obligations of banks and directors of Indian companies.

It is well understood that international legal issues of cyber attacks are not easy to handle. Nevertheless, Indian government cannot afford to ignore this situation and it must urgently work towards making Indian cyber security robust, resilent and effective. P4LO hopes that our readers would find our blog on international legal issues of cyber attacks, cyber law and cyber security useful.

Source: CSRDCI.

Wednesday, January 7, 2015

Perry4Law Leads In Cyber Forensics And Cyber Security Legal Practice Worldwide

When we hear of fields like cyber security and cyber forensics, technology companies come to our mind. As the demands of clients have significantly increased, many non traditional professionals have also started providing services in these areas. One such professional branch is legal fraternity that has started providing services for areas like forensics audit, cyber forensics, cyber security, e-discovery, etc.

In the year 2002, Perry4Law Organisation (P4LO) was established and its segment Perry4Law Law Firm is the first and exclusive techno legal law firm of India. With more than a decade experience, P4LO and Perry4Law Law Firm have catered the needs of national and international clients in various techno legal fields.

Perry4Law has set a trend for cyber forensics and cyber security legal practice worldwide through its domain specific and highly specialised techno legal services. Its research works are frequently cited by scholars at national and international levels. What is more amazing is the establishment of dedicated online resources in the fields of Cyber Law, Cyber Security, Cyber Forensics, E-Discovery, Telecom Laws,  Intellectual Property Rights (IPRs), Corporate Laws, etc.

Praveen Dalal, managing partner of Perry4Law Law Firm and P4LO and leading techno legal expert of Asia, is a strong advocate of Civil Liberties Protection in Cyberspace. He believes that Human Rights Protection in Cyberspace must be Internationally Recognised. He also believes that E-Surveillance Projects of India need Parliamentary Oversight and Judicial Scrutiny.

Dalal is also a strong advocate of cyber and data security.  No Client would be happy if its/his/her confidential and sensitive documents are obtained through cracking/hacking the Law Firm Website or Database, opines Dalal. Perry4Law Law Firm uses the “Best Cyber Security Practices” recommended by International Organisations, informs Dalal.

With international level of techno legal expertise, P4LO and Perry4Law Law Firm are class apart and world leaders in techno legal services. Other Law Firms of India must also start providing services in techno legal fields if they have the requisite expertise in this regard.

Wednesday, December 31, 2014

Indian Cyber Security Trends 2014 By CECSRDI

Cyber breaches have kept the governments, individuals and companies around the world busy in 2014 in protecting their interests and assets. India has also taken few steps in 2014 in the cyber security field though they are of preliminary nature.

The annual cyber security trend of Perry4Law Organisation (P4LO) is out. This supplement the previous year trends name cyber security trends and developments of India 2013 (PDF). For the year 2014, P4LO has provided the cyber security trends and developments in India 2014. Further, the CECSRDI Twitter account of P4LO is a very good place to get first hand information about cyber security of India.

Some of the areas covered by the cyber security trends 2014 are policy and legal framework, national cyber coordination centre, bitcoins, e-commerce websites, cyber security obligations of directors, etc.

India has been facing many cyber security challenges that are not easy to tackle. The year 2014 did not witness taking of any effective steps by Indian government to tackle these challenges. The international nature of cyber attacks would require a totally different approach towards cyber crimes and cyber security in India. Keeping this in mind, even the cyber law of India would be required to be suitably amended or repealed.

The winter session of Indian Parliament is already over with not much legislative success. Let us hope that in the next session of Parliament, India would pay attention to cyber law and cyber security related legal and regulatory issues.

Friday, November 21, 2014

India Needs To Strengthen Its Cyber Security Capabilities

India is trying to implement the Digital India project to the best of its capabilities. The success of Digital India project would depend upon maximum connectivity with minimum cyber security risks. This is also a problem for India as India has a poor track record of cyber security.

For instance, the Telecom Commission has approved satellite based mobile services in India. Similarly, free wireless and Internet connectivity would also be made available to Indian people for convenience and better connectivity. However, this would raise wireless security and numerous cyber security challenges as well.

Although the National Cyber Security Policy of India 2013 (NCSP 2013) (PDF) was announced by Indian Government in 2013 yet its actual implementation is still missing. As a result fields like e-governance and e-commerce are still risky and may require cyber insurance in the near future. 

Cyber attacks have increased tremendously world over and India is also required to protect its cyber frontiers through techno legal measures.  At the same time efforts must be made by India to formulate effective cyber crimes prevention strategy and impart cyber crime investigation training to the law enforcement agencies of India.

Some specific areas against which India needs to strengthen its cyber security are cyber warfare, cyber terrorism, cyber espionage, critical infrastructure protection (PDF), international cyber security cooperation (PDF), etc. At the international level, there has been a trend to block free flow of cyber security technologies. Recently a proposal was mooted to include cyber security under the Wassenaar Arrangement that was strongly objected to be India. If accepted, export restrictions could have been placed upon cyber security technologies.

India needs to strengthen its cyber security capabilities that must include both offensive and defensive cyber security capabilities. A cyber warfare policy of India (PDF) must also be formulated urgently that must include cyber security skills development objective as well.

Sunday, September 14, 2014

Cyber Security Needs Urgent Attention Of Indian Government

Cyber security in India has received little attention from our policy makers from time to time. Successive governments in India have failed to cater the growing needs for robust and effective cyber security of India. It is clear that India not only lacks offensive and defensive cyber security capabilities but it is not capable of dealing with sophisticated malware like Stuxnet, Duqu, Flame, Uroburos/Snake, Blackshades, FinFisher, Gameover Zeus, etc. The cyber security trends in India (Pdf) are not at all convincing.

Cyber security initiatives and projects in India are negligible in numbers. Even if some projects have been proposed, they have remained on papers only. Projects like National Cyber Coordination Centre (NCCC) of India, National Critical Information Infrastructure Protection Centre (NCIPC) of India, has etc failed to materialise so far. The National Cyber Security Policy of India 2013 also failed to take off and even if it is implemented it is weak on numerous aspects like privacy violation in general and civil liberties infringement in particular. It would not be wrong to say that India is a sitting duck in cyberspace and civil liberties protection regime.

Cyber security breaches are increasing world over and India is also facing this problem. The cyber security challenges before the Narendra Modi government would not be easy to manage as everything has to be managed from the beginning. There is a dire need to protect Indian cyberspace from sophisticated cyber attacks. For instance, cyber security of critical infrastructures (Pdf) likes banks, automated power grids, satellites, thermal power plants, SCADA systems, etc are vulnerable to cyber attacks from around the world.

According to New Delhi based techno legal law firm Perry4Law, the ultimate solution in this regard is to formulate a techno legal framework that can safeguard Indian cyberspace in the best possible manner. A dedicated cyber security law of India and implementable cyber crisis management plan is also required. Outdated and draconian laws like cyber law and telegraph Act of India must also be repealed immediately.

In these circumstances cyber security needs urgent attention of Indian government. In a positive development, the National Cyber Coordination Centre (NCCC) of India may finally see the light of the day and may become functional very soon. The NCCC would help India is fighting against national and international cyber threats. Very soon it would be clear how far the BJP government would go to protect Indian cyberspace.

Friday, July 4, 2014

India Is A Sitting Duck In Cyber Security Area Opines Praveen Dalal

India’s position regarding cyber security and privacy protection has been exposed due to recent negative developments that have severely affected the rights of Indian citizens. It has now become very clear that India is a sitting duck in both the fields of civil liberties protections and cyber security. It has also been well understood by Indian citizens that privacy rights in India is not charity but a constitutional right. As a result it would be next to impossible for the Modi government to fool Indian citizens anymore in this regard.

Cyber security in India is an alien concept for Indian government for long. Even the Modi government is currently not in a position to tackle the cyber security challenges of India with its current approach and policies. Anybody can target India for various forms of cyber attacks and cyber crimes and India has become a land of no resistance for the crackers.

According to Praveen Dalal, managing partner of New Delhi based ICT law firm Perry4Law and CEO of Perry4Law’s Techno Legal Base (PTLB), India is a Sitting Duck in the Cyberspace and Civil Liberties Protection Regime. Malware like Stuxnet, Duqu, Flame, Uroburos/Snake, Blackshades, FinFisher, Gameover Zeus (GOZ), etc cannot be tackled by India due to lack of Offensive and Defensive Cyber Security Capabilities. Cyber Security Breaches are increasing World over and India must be “Cyber Prepared” to deal with the same. The Cyber Security Challenges before the Narendra Modi Government are not easy to manage and Indian Cyberspace must be protected on a “Priority Basis”.

Whether it is Congress government or Bharatiya Janata Party (BJP) government, none of them have done anything significant in the directions of ensuring effective cyber security laws and privacy laws in India. For instance, the Modi government has done nothing except summoning of few officials of United States for blatant violation of privacy rights of Indians and invading Indian cyberspace.

According to Dalal “We cannot “Enact Laws” but we can use “Counter Technologies” to prevent Illegal and Unconstitutional E-Surveillance and Eavesdropping. Self Defence and Privacy Protection in India must be ensured by us at our own levels. The initiatives titled PRISM Break and Reset the Net are the “Starting Point” in this regard”. If Modi government fails to safeguard privacy rights in the information era, self defence seems to be the only available option for Indian citizens.

Friday, June 20, 2014

Cyber Security Challenges For The Modi Government

The cyber security threats emanating from malware like Stuxnet, Duqu, Flame, Uroburos/Snake, Blackshades, FinFisher, Gameover Zeus (GOZ), etc are now well known. No country can afford to ignore these cyber threats as computer systems are now essential part of day to day functioning of governments around the world. The cyberspace landscape of India is also fast changing and suitable policies must be formulated by the Modi government to tackle the same effectively.

Cyber security is an international issues and it requires international cooperation to be effective. For instance, the cyber breach of Ebay has international legal ramifications and one cannot contend that the place of establishment alone would feel the consequences. However, there are some nations that are not in favour of international technology transfer in the field of cyber security. In one such incidence, India has opposed the proposal to include cyber security technologies under the Wassenaar Arrangement.

However, cyber security in India is in a poor condition.  Cyber security of banks in India is also required to be strengthened. The banks operating in India are not at all serious about maintaining cyber security of banking related transactions and this is resulting in many cyber and financial crimes in India. In the absence of appropriate skills development and modernisation of law enforcement agencies of India, police force are finding it really difficult to solve technology related crimes. Further, cyber security of sensitive databases like National Identity Cards would also require strong privacy protection and cyber security compliances.

Another problematic are is absence of an implementable telecom security policy of India. Most of the policies and regulations in this regard are clearly unconstitutional in nature as they are neither balanced nor in compliance with the constitutional requirements. Experts believe that the stand of Modi government regarding e-surveillance projects like Central Monitoring System (CMS) Project of India and Internet Spy System Network and Traffic Analysis System (NETRA) of India must be made clear. Otherwise, this would create troubles for the government as well as for the telecom security policy in the near future.

The cyber security challenges for the Modi government must be given due importance. Cyber security should be an essential component of the national security policy of India. The cyber security trends in India 2013 (PDF) have highlighted major shortcomings of Indian cyber security initiatives and the same must be addressed by Modi government as soon as possible. Although National Cyber Security Policy (NSCP) 2013 has been declared yet it needs both updation and implementation as per opinion of cyber security experts.

We need dedicated cyber security laws in India and effective cyber security policies. For instance, we have no cyber warfare policy of India (PDF) and this is a major lacuna in the contemporary times. Similarly, critical infrastructure protection in India (PDF) is also not up to the mark and it needs to be strengthened. Let us hope that the Modi government would do needful in this regard.

Thursday, May 29, 2014

The Cyberspace Landscape Of India Is Changing

The recent cyber security updates by Perry4Law and PTLB have indicated that there has been an extraordinary surge in the cyber attacks at a global level. Malware like Stuxnet, Duqu, Flame, Uroburos/Snake, Blackshades, FinFisher, etc have been messing up with computer systems located in different parts of the world.

For instance, Ebay faced sophisticated cyber attacks and as a result of the same it is facing legal actions in United States and European countries. Similarly, the U.S. Department of Homeland Security (DHS) has reported that a hacking group had recently attacked a U.S. public utility and compromised its control system network.

India is also not safe from these cyber attacks as cyber security attacks ate global in nature. Experts believe that the Indian cyberspace must be protected on a priority basis. This would not be an easy task as the new government has received a paralysed cyber security infrastructure in India in heritage. Further, cyber security skills development is also missing in India and we do not have the appropriate cyber professionals to deal with sophisticated cyber attacks.

According to experts, there is an urgent need to formulate cyber warfare policy of India (PDF) so that cyber warfare issues can be effectively managed. Critical infrastructure protection is also required to be ensured in India.

The cyberspace landscape of India is fast changing and if we cannot match its progress we would be left far behind in the cyber security initiatives. Cyber security of India must be strengthened at the policy and legal fronts so that there is a holistic growth and development in this crucial field. Let us also hope that the new government would consider cyber security as an essential part of the national security policy of India.  

Saturday, March 22, 2014

Cyber Security And International Cooperation

Cyber attacks are global in nature as they are designed like that only. Initially, cyber attacks were conducted more on the side of fun but now they have become weapons of trans border crimes. Countries have also realised the potential of a covert cyber attacks to gain strategic and sensitive information from a country of interest. In this entire scenario we have no international legal issues of cyber attacks that can govern the position at the international level.

Naturally, countries across the world are required to manage international cyber threats at the national level. This is not a very fruitful exercise but it gives a psychological boost to the nations that their cyberspace and critical infrastructures are safe from external cyber attacks. India is also following the national cyber security approach to international cyber security threats.

The cyber security breaches in India would raise serious cyber security issues in the near future. In order to effectively analyse and prevent future cyber attacks, companies and individuals must adopt suitable cyber security breach notification to appropriate cyber authorities of India. Sophisticated malware like Stuxnet, Duqu, Flame, Uroburos/Snake, etc cannot be tackled with normal cyber security products.  We need dedicated cyber security workforce which is well trained in this regard as indicated by the cyber security trends and developments of India 2013.

India has announced few cyber security initiatives to strengthen its cyber security capabilities. These include a cyber command, critical infrastructure protection, cyber crisis management plan, national cyber security coordination centre (NCCC), thermal power cyber security proposal, national security policy of India, tri service cyber command, national cyber security policy of India 2013, etc. However, according to techno legal experts, implementation of these proposals is still a big challenge for the Indian government. Further, a robust cyber security law of India is also required to be formulated by India as soon as possible.

Cyberspace stakeholders must understand that cyber security is an international issue (PDF) and not a national one. Therefore, an international cyber security treaty is required (PDF). In the absence of such globally acceptable cyber security treaty, the conflict of laws in cyberspace would continue to make the things difficult. Of course, India is not at all prepared to meet the future cyber security threats and challenges with the present framework and policies.

Sunday, March 16, 2014

Cyber Security Breaches In India Would Raise Complicated Cyber Security Issues- Perry4Law

Cyber security breaches have become a norm these days. Whether it is an e-commerce website or a law firm, cyber attacks have put them under grave risk. Any organisation having online presence is vulnerable to cyber attacks and data theft. It is not possible to completely safeguard the data and information stored in an online environment. Sophisticated malware like Stuxnet, Duqu, Flame, Uroburos/Snake, etc cannot be tackled with cyber security products.  

At times the cyber attacks are so covert that they remain in operation for years. It is in the larger interest of cyberspace community that information about them is share as early as possible. This is the reason that many jurisdictions have prescribed cyber security breach notification requirements. Similarly, remedial actions must be also be taken against such cyber attacks as soon as possible so that further damage can be prevented.

The recent spate of cyber crimes and cyber attacks that happened in India or having Indian connection is alarming to say the least. The Karnataka CID is already investigating the possible involvement of Enstage Software’s staff in international ATM heist case. Similarly, the search exercise by the enforcement directorate (ED) of India upon Bitcoin exchanges is also well known. Target Corporation’s data breach is also being investigated world over and legal proceeding against it is pending in numerous jurisdictions, including India.

These are some of the examples that have reported and many more such incidences have still not surfaced. This is so because individuals and companies are not at all disclosing cyber breaches to Indian authorities and agencies. India has still not enforced strong and robust cyber security breach disclosure norms.

While western countries and European Union are working in the direction of protecting consumer interests and cyber security yet India has neglected this crucial field, informs Asia’s leading techno legal law firm Perry4Law.  Indian government has neglected and failed to formulate a dedicated cyber security law in India and this is creating a host of problems for India, opined Perry4Law. As a result various cyber security breaches in India are either ignored or they are not properly prosecuted by Indian authorities. The position would change very soon as these cyber breaches would raise complicated cyber law and cyber security issues in the near future in India and they cannot be ignored any more by Indian government, informs Perry4Law.

The real problem seems to be lax attitude of Indian government and law enforcement agencies to seek proper and timely cyber security breach information. These cyber security breaches need a mandatory reporting system that can be analysed and evaluated from time to time ,opines Praveen Dalal, managing partner of Perry4Law and leading techno legal expert of Asia. 

There is no doubt that foreign companies and websites would witness increased cyber litigation against them in India. They are required to comply with cyber law due diligence (PDF) and cyber security due diligence that they are presently not following. Even e-discovery and cyber forensics best practices are required to be adopted by various national and international companies operating in India. It is a matter of time only that these companies and websites would be prosecuted in India for flouting Indian laws and rules.

Wednesday, March 12, 2014

Cyber Security Breaches Need A Mandatory Reporting Mechanism

Cyber security attacks have become very sophisticated in nature. The recent malware named Uroburos/Snake is another example of growing cyber espionage and cyber warfare among various nations. The era of websites defacement is well over and stealing of sensitive information is the new trend.

India is a very late starter as far as cyber security is concerned. The speed of cyber security initiative of India is still very slow. Further, there is no dedicated cyber security law of India that can be used in cases of cyber crimes, cyber attacks and cyber contraventions. The information technology act, 2000 is ill suited to take care of the cyber security related issues in India.

The telecom companies/internet services providers (ISPs) are also not sharing information pertaining to cyber attacks against their networks. As a result, a robust cyber security strategy to counter cyber attacks cannot be formulated.

National Security Council Secretariat (NSCS) has requested Reliance Jio Infocomm to share potential cyber security threats on India’s telecom networks. India has announced that cyber security breach disclosure norm would be formulated very soon. However, till now no such disclosure norms are applicable in India against telecom companies/ISPs of India.

Strict enforcement of the license conditions (PDF) and the proposed national telecom security policy of India 2014 may change this scenario in the near future. However, nothing is better than formulating a good cyber security law of India that can establish a regulatory regime for compulsory cyber security breach notifications on the part of telecom companies/ISPs.  

This is important as critical infrastructures of India like automated power grids, thermal plants, satellites, etc are vulnerable to diverse forms of cyber attacks. This is the reason why NTRO has been assigned the task of protecting the critical infrastructure of India. Till the national cyber coordination centre (NCCC) is put into place, national level cyber security coordination would be missing.

The cyber crisis management plan of India and the cyber security policy of India must also be made operational as soon as possible. Let us hope that Indian government would do the needful as soon as possible.

Friday, January 24, 2014

Cybersecurity Education And Research Centre (CERC) Of India

Cyber security is a specialised field that requires a totally different orientation unlike the traditional educational system. India is a slow mover when it comes to cyber security adoption. It is only in the year 2013 that the cyber security policy of India was announced. 

As India has ignored the cyber security field for a very long period, both technically as well as legally, India is finding it difficult to regulate cyber security related issues. Neither individuals nor companies are interested in fulfilling with additional cyber security obligations. The shortcomings of Indian cyber security initiatives have been marvelously covered by the cyber security trends of India (Pdf) as provided by Perry4Law Organisation.

Not only there is a lack of cyber security awareness in India but even cyber security capabilities of India need to be enhanced. There are very few cyber security research and educational centres in India. Further, we have a single techno legal cybersecurity education and research centre (CERC) of India managed by Perry4Law’s Techno Legal Base (PTLB).

The CERC of PTLB would play a crucial role in meeting the training objectives of the cyber security policy of India that has clearly mandated that Indian needs a cyber security trained workforce. However, there is a big problem in achieving this objective of Indian government. Presently there are very few institutions in India that are providing cyber security trainings and skills development in India.

This has increased the importance of institutions like PTLB that provide online cyber security trainings and skills development in India. Not only this, PTLB is also providing the exclusive techno legal skills development and trainings in India through its distance learning and e-learning model.

What is unique about these initiatives of PTLB is that they provide both technical and legal inputs to Indian government and private sector. These techno legal cyber security inputs can be readily adopted by Indian government. In fact, many of the suggestions and recommendations of perry4Law Organisation and PTLB have already been accepted and incorporated into various cyber security initiatives declared by Indian government from time to time.

It is only natural that the initiatives of Perry4Law and PTLB would be essential part of the cyber security policies and strategies of Indian government from time to time to ensure that they become really successful.

Tuesday, January 14, 2014

Indian Cyber Command Contemplated Once Again!

India has reiterated its desire to constitute a cyber command covering all the three segments of armed forces of India. Previously the proposal was mooted in the month of May 2013. Now fresh interest has been shown in this crucial are by the armed forces of India.

This is a good step in the right direction as Indian cyber security is lagging far behind as compared to other countries. India is still struggling to deal with issues like cyber warfare, cyber espionage and cyber terrorism, etc. The critical infrastructure protection in India and its problems, challenges and solutions (Pdf) are still to be managed by Indian government. In a good step in this direction, the NTRO would protect the Critical ICT Infrastructures of India.

According to cyber security experts, a dedicated cyber warfare policy of India (Pdf) must be formulated as soon as possible. The present effort of Indian government seems to be a step towards that objective.

However, the main thing is the implementation of various policies formulated from time to time. Till now Indian government has not been able to implement the objectives of the National Cyber Security Policy of India 2013 (NCSP 2013). Further, India government has also failed to integrate the NCSP 2013 with the National Security Policy of India.

Another major failure of Indian government in this regard is the failure to enact a legislation mandating strict cyber security disclosure norms in India. Although proposed almost a year ago, the disclosure norms for cyber security breaches in India are still not implemented. This would prevent actual and effective implementation of cyber security norms in India. This would also affect the cyber security legal practice in India.

It is high time for Indian government to move beyond simple policies formulations to their actual implementation. Without implementation everything is just a dream.

Thursday, January 9, 2014

Cyber Security Updates Of India On 09-01-2014

There are many crucial cyber security updates for the period in question. These includes the analysis of the National Cyber Security Policy of India 2013 (NCSP 2013) formulated by the Indian government. However, the NCSP 2013 has been criticised for many reasons including lack of privacy protection and absence of integration with the National Security Policy of India.

The data protection laws in India and privacy rights in India (Pdf) are still in a state of abysmal. The privacyrights in India in the information age (Pdf) are still ignored by Indian government. Indian government has started many e-surveillance oriented projects without any legal framework and an e-surveillance policy of India (PDF) must be urgently formulated by Indian government.

A dedicated cyber warfare policy of India (Pdf) must be formulated as soon as possible. All these issues have been meticulously covered by the cyber security trends and developments in India 2013 (PDF) released by Perry4Law and Perry4Law’s Techno Legal Base (PTLB).

Cyber security experts in India believe that cyber security must be an international issue (Pdf) and in order to ensure the same an international cyber security treaty is required (Pdf).

The year 2013 was a tough one for the India cyber security and the year 2014 would bring its own share of problems for Indian cyberspace. Let us hope that Indian government would be well equipped to deal with the same.

Wednesday, April 17, 2013

Cyber Security Updates On 17-04-2013

Here are the relevant cyber security updates as on date. We hope our readers would find these updates useful.

(1) CISPA: In United States, proposed law named cyber intelligence sharing and protection act (CISPA) is making rounds. The White House has threatened to veto the CISPA if Congress approves it in its current form. The future development in this regard would be interesting.

(2) Telecom Security Directorate: Centre is planning to set up a telecom security directorate of India. This is a good initiative and we hope this would not be another declaration.

(3) Cyber Security Best Practices: Perry4Law Organisation and Perry4Law’s Techno Legal Base (PTLB) have provided the exclusive cyber security best practices of India. They are really impressive and comprehensive in nature and must be adopted by Indian government with immediate effect.

(4) Metasploit 4.6.0 Released: The Metasploit version 4.6.0 has been released by Rapid7. This is must have tool for cyber security and penetration testing professionals.

(5) Airline Compromise: The airline pilot flight systems and communications can be compromised. As per a report it is possible that airline pilot flight systems and communications can be compromised and controlled with android smartphone and customised attack code. However, Federal Aviation Administration (FAA) strongly denied that the alleged smartphone airplane hack can work on real planes.

(6) Cyber Security Brochures: The cyber security awareness brochures in India have been mooted by Indian government. However, the manufacturers' association for information technology (MAIT) and other hardware manufacturers associations are not happy with the idea and are labeling it as burdensome and unproductive.

(7) NCIPC Of India: The national critical information infrastructure protection centre (NCIPC) of India has been proposed by Indian government in the past. However, till now the NCIIPC of India has failed to materialise in India.

(8) India And Cyber Security: The international community is increasingly considering India as an important player in ensuring international cyber security and preventing global cyber crimes. India has to meet these expectations in the best possible manner.

(9) Kochi Metro Site Cracked: The Kochi metro rail corporation’s website was cracked and compromised. As on date the websites has been restored back and is working fine.