Wednesday, December 31, 2014

Indian Cyber Security Trends 2014 By CECSRDI

Cyber breaches have kept the governments, individuals and companies around the world busy in 2014 in protecting their interests and assets. India has also taken few steps in 2014 in the cyber security field though they are of preliminary nature.

The annual cyber security trend of Perry4Law Organisation (P4LO) is out. This supplement the previous year trends name cyber security trends and developments of India 2013 (PDF). For the year 2014, P4LO has provided the cyber security trends and developments in India 2014. Further, the CECSRDI Twitter account of P4LO is a very good place to get first hand information about cyber security of India.

Some of the areas covered by the cyber security trends 2014 are policy and legal framework, national cyber coordination centre, bitcoins, e-commerce websites, cyber security obligations of directors, etc.

India has been facing many cyber security challenges that are not easy to tackle. The year 2014 did not witness taking of any effective steps by Indian government to tackle these challenges. The international nature of cyber attacks would require a totally different approach towards cyber crimes and cyber security in India. Keeping this in mind, even the cyber law of India would be required to be suitably amended or repealed.

The winter session of Indian Parliament is already over with not much legislative success. Let us hope that in the next session of Parliament, India would pay attention to cyber law and cyber security related legal and regulatory issues.

Friday, November 21, 2014

India Needs To Strengthen Its Cyber Security Capabilities

India is trying to implement the Digital India project to the best of its capabilities. The success of Digital India project would depend upon maximum connectivity with minimum cyber security risks. This is also a problem for India as India has a poor track record of cyber security.

For instance, the Telecom Commission has approved satellite based mobile services in India. Similarly, free wireless and Internet connectivity would also be made available to Indian people for convenience and better connectivity. However, this would raise wireless security and numerous cyber security challenges as well.

Although the National Cyber Security Policy of India 2013 (NCSP 2013) (PDF) was announced by Indian Government in 2013 yet its actual implementation is still missing. As a result fields like e-governance and e-commerce are still risky and may require cyber insurance in the near future. 

Cyber attacks have increased tremendously world over and India is also required to protect its cyber frontiers through techno legal measures.  At the same time efforts must be made by India to formulate effective cyber crimes prevention strategy and impart cyber crime investigation training to the law enforcement agencies of India.

Some specific areas against which India needs to strengthen its cyber security are cyber warfare, cyber terrorism, cyber espionage, critical infrastructure protection (PDF), international cyber security cooperation (PDF), etc. At the international level, there has been a trend to block free flow of cyber security technologies. Recently a proposal was mooted to include cyber security under the Wassenaar Arrangement that was strongly objected to be India. If accepted, export restrictions could have been placed upon cyber security technologies.

India needs to strengthen its cyber security capabilities that must include both offensive and defensive cyber security capabilities. A cyber warfare policy of India (PDF) must also be formulated urgently that must include cyber security skills development objective as well.

Sunday, September 14, 2014

Cyber Security Needs Urgent Attention Of Indian Government

Cyber security in India has received little attention from our policy makers from time to time. Successive governments in India have failed to cater the growing needs for robust and effective cyber security of India. It is clear that India not only lacks offensive and defensive cyber security capabilities but it is not capable of dealing with sophisticated malware like Stuxnet, Duqu, Flame, Uroburos/Snake, Blackshades, FinFisher, Gameover Zeus, etc. The cyber security trends in India (Pdf) are not at all convincing.

Cyber security initiatives and projects in India are negligible in numbers. Even if some projects have been proposed, they have remained on papers only. Projects like National Cyber Coordination Centre (NCCC) of India, National Critical Information Infrastructure Protection Centre (NCIPC) of India, has etc failed to materialise so far. The National Cyber Security Policy of India 2013 also failed to take off and even if it is implemented it is weak on numerous aspects like privacy violation in general and civil liberties infringement in particular. It would not be wrong to say that India is a sitting duck in cyberspace and civil liberties protection regime.

Cyber security breaches are increasing world over and India is also facing this problem. The cyber security challenges before the Narendra Modi government would not be easy to manage as everything has to be managed from the beginning. There is a dire need to protect Indian cyberspace from sophisticated cyber attacks. For instance, cyber security of critical infrastructures (Pdf) likes banks, automated power grids, satellites, thermal power plants, SCADA systems, etc are vulnerable to cyber attacks from around the world.

According to New Delhi based techno legal law firm Perry4Law, the ultimate solution in this regard is to formulate a techno legal framework that can safeguard Indian cyberspace in the best possible manner. A dedicated cyber security law of India and implementable cyber crisis management plan is also required. Outdated and draconian laws like cyber law and telegraph Act of India must also be repealed immediately.

In these circumstances cyber security needs urgent attention of Indian government. In a positive development, the National Cyber Coordination Centre (NCCC) of India may finally see the light of the day and may become functional very soon. The NCCC would help India is fighting against national and international cyber threats. Very soon it would be clear how far the BJP government would go to protect Indian cyberspace.

Friday, July 4, 2014

India Is A Sitting Duck In Cyber Security Area Opines Praveen Dalal

India’s position regarding cyber security and privacy protection has been exposed due to recent negative developments that have severely affected the rights of Indian citizens. It has now become very clear that India is a sitting duck in both the fields of civil liberties protections and cyber security. It has also been well understood by Indian citizens that privacy rights in India is not charity but a constitutional right. As a result it would be next to impossible for the Modi government to fool Indian citizens anymore in this regard.

Cyber security in India is an alien concept for Indian government for long. Even the Modi government is currently not in a position to tackle the cyber security challenges of India with its current approach and policies. Anybody can target India for various forms of cyber attacks and cyber crimes and India has become a land of no resistance for the crackers.

According to Praveen Dalal, managing partner of New Delhi based ICT law firm Perry4Law and CEO of Perry4Law’s Techno Legal Base (PTLB), India is a Sitting Duck in the Cyberspace and Civil Liberties Protection Regime. Malware like Stuxnet, Duqu, Flame, Uroburos/Snake, Blackshades, FinFisher, Gameover Zeus (GOZ), etc cannot be tackled by India due to lack of Offensive and Defensive Cyber Security Capabilities. Cyber Security Breaches are increasing World over and India must be “Cyber Prepared” to deal with the same. The Cyber Security Challenges before the Narendra Modi Government are not easy to manage and Indian Cyberspace must be protected on a “Priority Basis”.

Whether it is Congress government or Bharatiya Janata Party (BJP) government, none of them have done anything significant in the directions of ensuring effective cyber security laws and privacy laws in India. For instance, the Modi government has done nothing except summoning of few officials of United States for blatant violation of privacy rights of Indians and invading Indian cyberspace.

According to Dalal “We cannot “Enact Laws” but we can use “Counter Technologies” to prevent Illegal and Unconstitutional E-Surveillance and Eavesdropping. Self Defence and Privacy Protection in India must be ensured by us at our own levels. The initiatives titled PRISM Break and Reset the Net are the “Starting Point” in this regard”. If Modi government fails to safeguard privacy rights in the information era, self defence seems to be the only available option for Indian citizens.

Friday, June 20, 2014

Cyber Security Challenges For The Modi Government

The cyber security threats emanating from malware like Stuxnet, Duqu, Flame, Uroburos/Snake, Blackshades, FinFisher, Gameover Zeus (GOZ), etc are now well known. No country can afford to ignore these cyber threats as computer systems are now essential part of day to day functioning of governments around the world. The cyberspace landscape of India is also fast changing and suitable policies must be formulated by the Modi government to tackle the same effectively.

Cyber security is an international issues and it requires international cooperation to be effective. For instance, the cyber breach of Ebay has international legal ramifications and one cannot contend that the place of establishment alone would feel the consequences. However, there are some nations that are not in favour of international technology transfer in the field of cyber security. In one such incidence, India has opposed the proposal to include cyber security technologies under the Wassenaar Arrangement.

However, cyber security in India is in a poor condition.  Cyber security of banks in India is also required to be strengthened. The banks operating in India are not at all serious about maintaining cyber security of banking related transactions and this is resulting in many cyber and financial crimes in India. In the absence of appropriate skills development and modernisation of law enforcement agencies of India, police force are finding it really difficult to solve technology related crimes. Further, cyber security of sensitive databases like National Identity Cards would also require strong privacy protection and cyber security compliances.

Another problematic are is absence of an implementable telecom security policy of India. Most of the policies and regulations in this regard are clearly unconstitutional in nature as they are neither balanced nor in compliance with the constitutional requirements. Experts believe that the stand of Modi government regarding e-surveillance projects like Central Monitoring System (CMS) Project of India and Internet Spy System Network and Traffic Analysis System (NETRA) of India must be made clear. Otherwise, this would create troubles for the government as well as for the telecom security policy in the near future.

The cyber security challenges for the Modi government must be given due importance. Cyber security should be an essential component of the national security policy of India. The cyber security trends in India 2013 (PDF) have highlighted major shortcomings of Indian cyber security initiatives and the same must be addressed by Modi government as soon as possible. Although National Cyber Security Policy (NSCP) 2013 has been declared yet it needs both updation and implementation as per opinion of cyber security experts.

We need dedicated cyber security laws in India and effective cyber security policies. For instance, we have no cyber warfare policy of India (PDF) and this is a major lacuna in the contemporary times. Similarly, critical infrastructure protection in India (PDF) is also not up to the mark and it needs to be strengthened. Let us hope that the Modi government would do needful in this regard.

Thursday, May 29, 2014

The Cyberspace Landscape Of India Is Changing

The recent cyber security updates by Perry4Law and PTLB have indicated that there has been an extraordinary surge in the cyber attacks at a global level. Malware like Stuxnet, Duqu, Flame, Uroburos/Snake, Blackshades, FinFisher, etc have been messing up with computer systems located in different parts of the world.

For instance, Ebay faced sophisticated cyber attacks and as a result of the same it is facing legal actions in United States and European countries. Similarly, the U.S. Department of Homeland Security (DHS) has reported that a hacking group had recently attacked a U.S. public utility and compromised its control system network.

India is also not safe from these cyber attacks as cyber security attacks ate global in nature. Experts believe that the Indian cyberspace must be protected on a priority basis. This would not be an easy task as the new government has received a paralysed cyber security infrastructure in India in heritage. Further, cyber security skills development is also missing in India and we do not have the appropriate cyber professionals to deal with sophisticated cyber attacks.

According to experts, there is an urgent need to formulate cyber warfare policy of India (PDF) so that cyber warfare issues can be effectively managed. Critical infrastructure protection is also required to be ensured in India.

The cyberspace landscape of India is fast changing and if we cannot match its progress we would be left far behind in the cyber security initiatives. Cyber security of India must be strengthened at the policy and legal fronts so that there is a holistic growth and development in this crucial field. Let us also hope that the new government would consider cyber security as an essential part of the national security policy of India.  

Saturday, March 22, 2014

Cyber Security And International Cooperation

Cyber attacks are global in nature as they are designed like that only. Initially, cyber attacks were conducted more on the side of fun but now they have become weapons of trans border crimes. Countries have also realised the potential of a covert cyber attacks to gain strategic and sensitive information from a country of interest. In this entire scenario we have no international legal issues of cyber attacks that can govern the position at the international level.

Naturally, countries across the world are required to manage international cyber threats at the national level. This is not a very fruitful exercise but it gives a psychological boost to the nations that their cyberspace and critical infrastructures are safe from external cyber attacks. India is also following the national cyber security approach to international cyber security threats.

The cyber security breaches in India would raise serious cyber security issues in the near future. In order to effectively analyse and prevent future cyber attacks, companies and individuals must adopt suitable cyber security breach notification to appropriate cyber authorities of India. Sophisticated malware like Stuxnet, Duqu, Flame, Uroburos/Snake, etc cannot be tackled with normal cyber security products.  We need dedicated cyber security workforce which is well trained in this regard as indicated by the cyber security trends and developments of India 2013.

India has announced few cyber security initiatives to strengthen its cyber security capabilities. These include a cyber command, critical infrastructure protection, cyber crisis management plan, national cyber security coordination centre (NCCC), thermal power cyber security proposal, national security policy of India, tri service cyber command, national cyber security policy of India 2013, etc. However, according to techno legal experts, implementation of these proposals is still a big challenge for the Indian government. Further, a robust cyber security law of India is also required to be formulated by India as soon as possible.

Cyberspace stakeholders must understand that cyber security is an international issue (PDF) and not a national one. Therefore, an international cyber security treaty is required (PDF). In the absence of such globally acceptable cyber security treaty, the conflict of laws in cyberspace would continue to make the things difficult. Of course, India is not at all prepared to meet the future cyber security threats and challenges with the present framework and policies.

Sunday, March 16, 2014

Cyber Security Breaches In India Would Raise Complicated Cyber Security Issues- Perry4Law

Cyber security breaches have become a norm these days. Whether it is an e-commerce website or a law firm, cyber attacks have put them under grave risk. Any organisation having online presence is vulnerable to cyber attacks and data theft. It is not possible to completely safeguard the data and information stored in an online environment. Sophisticated malware like Stuxnet, Duqu, Flame, Uroburos/Snake, etc cannot be tackled with cyber security products.  

At times the cyber attacks are so covert that they remain in operation for years. It is in the larger interest of cyberspace community that information about them is share as early as possible. This is the reason that many jurisdictions have prescribed cyber security breach notification requirements. Similarly, remedial actions must be also be taken against such cyber attacks as soon as possible so that further damage can be prevented.

The recent spate of cyber crimes and cyber attacks that happened in India or having Indian connection is alarming to say the least. The Karnataka CID is already investigating the possible involvement of Enstage Software’s staff in international ATM heist case. Similarly, the search exercise by the enforcement directorate (ED) of India upon Bitcoin exchanges is also well known. Target Corporation’s data breach is also being investigated world over and legal proceeding against it is pending in numerous jurisdictions, including India.

These are some of the examples that have reported and many more such incidences have still not surfaced. This is so because individuals and companies are not at all disclosing cyber breaches to Indian authorities and agencies. India has still not enforced strong and robust cyber security breach disclosure norms.

While western countries and European Union are working in the direction of protecting consumer interests and cyber security yet India has neglected this crucial field, informs Asia’s leading techno legal law firm Perry4Law.  Indian government has neglected and failed to formulate a dedicated cyber security law in India and this is creating a host of problems for India, opined Perry4Law. As a result various cyber security breaches in India are either ignored or they are not properly prosecuted by Indian authorities. The position would change very soon as these cyber breaches would raise complicated cyber law and cyber security issues in the near future in India and they cannot be ignored any more by Indian government, informs Perry4Law.

The real problem seems to be lax attitude of Indian government and law enforcement agencies to seek proper and timely cyber security breach information. These cyber security breaches need a mandatory reporting system that can be analysed and evaluated from time to time ,opines Praveen Dalal, managing partner of Perry4Law and leading techno legal expert of Asia. 

There is no doubt that foreign companies and websites would witness increased cyber litigation against them in India. They are required to comply with cyber law due diligence (PDF) and cyber security due diligence that they are presently not following. Even e-discovery and cyber forensics best practices are required to be adopted by various national and international companies operating in India. It is a matter of time only that these companies and websites would be prosecuted in India for flouting Indian laws and rules.

Wednesday, March 12, 2014

Cyber Security Breaches Need A Mandatory Reporting Mechanism

Cyber security attacks have become very sophisticated in nature. The recent malware named Uroburos/Snake is another example of growing cyber espionage and cyber warfare among various nations. The era of websites defacement is well over and stealing of sensitive information is the new trend.

India is a very late starter as far as cyber security is concerned. The speed of cyber security initiative of India is still very slow. Further, there is no dedicated cyber security law of India that can be used in cases of cyber crimes, cyber attacks and cyber contraventions. The information technology act, 2000 is ill suited to take care of the cyber security related issues in India.

The telecom companies/internet services providers (ISPs) are also not sharing information pertaining to cyber attacks against their networks. As a result, a robust cyber security strategy to counter cyber attacks cannot be formulated.

National Security Council Secretariat (NSCS) has requested Reliance Jio Infocomm to share potential cyber security threats on India’s telecom networks. India has announced that cyber security breach disclosure norm would be formulated very soon. However, till now no such disclosure norms are applicable in India against telecom companies/ISPs of India.

Strict enforcement of the license conditions (PDF) and the proposed national telecom security policy of India 2014 may change this scenario in the near future. However, nothing is better than formulating a good cyber security law of India that can establish a regulatory regime for compulsory cyber security breach notifications on the part of telecom companies/ISPs.  

This is important as critical infrastructures of India like automated power grids, thermal plants, satellites, etc are vulnerable to diverse forms of cyber attacks. This is the reason why NTRO has been assigned the task of protecting the critical infrastructure of India. Till the national cyber coordination centre (NCCC) is put into place, national level cyber security coordination would be missing.

The cyber crisis management plan of India and the cyber security policy of India must also be made operational as soon as possible. Let us hope that Indian government would do the needful as soon as possible.

Friday, January 24, 2014

Cybersecurity Education And Research Centre (CERC) Of India



Cyber security is a specialised field that requires a totally different orientation unlike the traditional educational system. India is a slow mover when it comes to cyber security adoption. It is only in the year 2013 that the cyber security policy of India was announced. 

As India has ignored the cyber security field for a very long period, both technically as well as legally, India is finding it difficult to regulate cyber security related issues. Neither individuals nor companies are interested in fulfilling with additional cyber security obligations. The shortcomings of Indian cyber security initiatives have been marvelously covered by the cyber security trends of India (Pdf) as provided by Perry4Law Organisation.

Not only there is a lack of cyber security awareness in India but even cyber security capabilities of India need to be enhanced. There are very few cyber security research and educational centres in India. Further, we have a single techno legal cybersecurity education and research centre (CERC) of India managed by Perry4Law’s Techno Legal Base (PTLB).

The CERC of PTLB would play a crucial role in meeting the training objectives of the cyber security policy of India that has clearly mandated that Indian needs a cyber security trained workforce. However, there is a big problem in achieving this objective of Indian government. Presently there are very few institutions in India that are providing cyber security trainings and skills development in India.

This has increased the importance of institutions like PTLB that provide online cyber security trainings and skills development in India. Not only this, PTLB is also providing the exclusive techno legal skills development and trainings in India through its distance learning and e-learning model.

What is unique about these initiatives of PTLB is that they provide both technical and legal inputs to Indian government and private sector. These techno legal cyber security inputs can be readily adopted by Indian government. In fact, many of the suggestions and recommendations of perry4Law Organisation and PTLB have already been accepted and incorporated into various cyber security initiatives declared by Indian government from time to time.

It is only natural that the initiatives of Perry4Law and PTLB would be essential part of the cyber security policies and strategies of Indian government from time to time to ensure that they become really successful.

Tuesday, January 14, 2014

Indian Cyber Command Contemplated Once Again!

India has reiterated its desire to constitute a cyber command covering all the three segments of armed forces of India. Previously the proposal was mooted in the month of May 2013. Now fresh interest has been shown in this crucial are by the armed forces of India.


This is a good step in the right direction as Indian cyber security is lagging far behind as compared to other countries. India is still struggling to deal with issues like cyber warfare, cyber espionage and cyber terrorism, etc. The critical infrastructure protection in India and its problems, challenges and solutions (Pdf) are still to be managed by Indian government. In a good step in this direction, the NTRO would protect the Critical ICT Infrastructures of India.

According to cyber security experts, a dedicated cyber warfare policy of India (Pdf) must be formulated as soon as possible. The present effort of Indian government seems to be a step towards that objective.

However, the main thing is the implementation of various policies formulated from time to time. Till now Indian government has not been able to implement the objectives of the National Cyber Security Policy of India 2013 (NCSP 2013). Further, India government has also failed to integrate the NCSP 2013 with the National Security Policy of India.

Another major failure of Indian government in this regard is the failure to enact a legislation mandating strict cyber security disclosure norms in India. Although proposed almost a year ago, the disclosure norms for cyber security breaches in India are still not implemented. This would prevent actual and effective implementation of cyber security norms in India. This would also affect the cyber security legal practice in India.

It is high time for Indian government to move beyond simple policies formulations to their actual implementation. Without implementation everything is just a dream.

Thursday, January 9, 2014

Cyber Security Updates Of India On 09-01-2014

There are many crucial cyber security updates for the period in question. These includes the analysis of the National Cyber Security Policy of India 2013 (NCSP 2013) formulated by the Indian government. However, the NCSP 2013 has been criticised for many reasons including lack of privacy protection and absence of integration with the National Security Policy of India.

The data protection laws in India and privacy rights in India (Pdf) are still in a state of abysmal. The privacyrights in India in the information age (Pdf) are still ignored by Indian government. Indian government has started many e-surveillance oriented projects without any legal framework and an e-surveillance policy of India (PDF) must be urgently formulated by Indian government.


A dedicated cyber warfare policy of India (Pdf) must be formulated as soon as possible. All these issues have been meticulously covered by the cyber security trends and developments in India 2013 (PDF) released by Perry4Law and Perry4Law’s Techno Legal Base (PTLB).

Cyber security experts in India believe that cyber security must be an international issue (Pdf) and in order to ensure the same an international cyber security treaty is required (Pdf).

The year 2013 was a tough one for the India cyber security and the year 2014 would bring its own share of problems for Indian cyberspace. Let us hope that Indian government would be well equipped to deal with the same.