Why Cyber Security Should Be Digital India’s Foremost Priority
Author - Nandini Tripathy
The internet is no longer a prerogative of the well-to-do. With reducing data charges and a greater outreach, the internet has made its way to the remotest corners of India and the world. While digital connections have enabled individuals and organizations to straddle wider expanses in a shorter span of time, the digital paradox is the genesis of this same internet as a countervailing force that’s limiting its potential. Wondering what this countervailing force is? Cybercrimes! The widespread penetration of the internet and the availability of the massive loads of personal and confidential data in digital form has given cyber conmen greater leeway to utilize their unscrupulous intelligence to execute more sophisticated cybercrimes.
The Progress towards a “Digital India” – India’s Digital Saga
Our decent Prime Minister, Shri Narendra Modi, has consistently been a solid promoter of a "Computerized India". He has executed a few stages for a carefully dynamic country. The Indian computerized adventure is bejeweled by a few worthwhile endeavors and examples of overcoming adversity. For example, India's teledensity presently remains at 82.93% according to most recent refreshed figures and the country teledensity has additionally demonstrated an amazing increment to 50.63%. The Government is forcefully progressing in the direction of giving fast web availability to 2.5 lakh gram panchayats through Bharat Broadband Network Limited (BBNL) to fuel the fantasy of a 'Carefully Connected and Empowered India'. To give web access to all residents, BSNL is introducing Wi-Fi hotspots at a few significant open places, for example, the Taj Mahal, Haridwar, Sun Temple (Konark), Ajmer-Dargah Shareef and considerably more.
While there have a few occasions of Luddites and others harbouring backward mindsets castigating such advanced activities, this was the truly necessary advance to place India in the worldwide spotlight as far as computerized development. Be that as it may, a carefully dynamic country additionally calls for hearty advanced security. All things considered; the most carefully propelled countries are regularly the casualties of the gravest cybercrimes. Furthermore, being the nation with one of the world's swiftest developing populace and economy, India needs to situate itself such that it can viably battle all endeavours of assault, undercover work, and damage of basic advanced systems. In this manner, the means towards digitization must be taken as one with the essential strides to foresee, relieve and avert cybercrimes and digital dangers. Furthermore, the onus of keeping up computerized security not simply lays on the pioneers initiating the country or those running an association be that as it may, on each person, who is a piece of this advanced world.
The Indian Cyber Security Status
As far back as its advanced change has picked up pace, India has been at the focal point of digital assaults executed by cybercriminals, hacktivists and for the most part non-state on-screen characters. According to Cherian Samuel, a Research Fellow in the Strategic Technologies Center at the Institute for Defense Studies and Analyses in New Delhi, such non-state on-screen characters who have the help of the typical suspects have been generally seen as associated with digital undercover work by breaking into government systems while the record-breaking cybercriminals are being sustained by the consistently expanding Indian Digital scene. He has likewise discovered that Indian systems are as a rule progressively focused by 'energetic programmers' and hacktivists who are a piece of the bigger unknown munitions stockpile of programmers.
The year 2017 saw an unequaled high of digital assaults and fakes looked by Indian organizations, as indicated by the Global Fraud and Risk Report from Kroll. Because of the high estimation of by and by recognizable data (PII), online business and banking parts have more terrible hit by such digital assaults. Ransomware is a significant worry for India, particularly the Indian Government, as they are frequently the hapless casualties of digital crooks who take significant passwords and assume responsibility for gadgets.
The ongoing mayhem about the plausibility of the biometric subtleties of scores of residents falling under the control of private gatherings left the whole country in a condition of stun. Although the Unique Identification Authority of India (UIDAI) has discredited such claims of information rupture made by a media house, this open frenzy has driven them to actualize more grounded firewalls, for example, virtual IDs and face acknowledgment for information assurance. The most widely recognized examples of digital assaults at associations have been email-based phishing assaults and afterward infection/worm assaults. An ongoing review shows that the three most basic focuses for digital hoodlums are client records, worker records, and competitive innovations. Contrasted with the 57% overall figure, about 80% Indian respondents said they felt themselves powerless against email-based phishing assaults, with other significant cybersecurity concerns being information erasure, information adjustment and infection/worm assaults.
What constitutes a Cyber Crime?
- Damaging computer source documents – Section 65 IT Act
- Electronic publication/transmission of obscene content – Section 67 IT Act
- Violation of privacy/confidentiality – Section 72 IT Act
- False publishing of Digital Signature Certificate – Section 73 IT Act
- Obtaining Digital Signature Certificate or license by falsification/suppression of fact – Section 71 IT Act)
- Any loss/damage to computer utility/resource – Section 66 (1) IT Act
- Unethical Hacking – Section 66 (2) IT Act
- Inability to comply with the orders of Certifying Authority – Section 68 I T Act
- Any illicit access or attempt to access a protected computer system – Section 70 IT Act
- Failure to help in decrypting any information as intercepted by a Govt Agency – Section 69 IT Act―CT Bureau
The innovation scene has been changing quickly, with changes over the most recent few years being generally exceptional and eccentric. A portion of the game-changing advancements that developed in this period incorporate cloud, huge information, versatile and web-based life, which offered new abilities and advantages for organizations, yet in addition presented new dangers. With broad appropriation, these advancements can possibly cut an opening into the ensured limit of endeavors and put delicate data in danger. In that capacity innovations keep on changing at a quickened pace, the related dangers could maybe increment in geometric movement.
Today, digital culprits are all around subsidized, persevering, refined and internationally planned. Their degree of information and the comprehension of new advancements overrides most others. This, combined with organizations attempting to coordinate their frameworks and procedures with new advances and stages, further expands the zones helpless against assaults.
The methodology of cybercrime was portrayed by the utilization of Trojans or worms, stunts, keyloggers, phishing and adware. The software engineers' attack vector was on a very basic level equivalent to the military strategy including 'mass shelling or submersion assaulting'. This was used by various countries during World War II, where a colossal number of unguided bombs would be dropped on the foe soil with no specific target. Software engineers used a comparative system and sought after the dominant part for even little gains per hit as for them there is no cost per ambush. With the turn of the decade and with progressively present-day computerized weaponry accessible to them, the software engineers turned their accentuation on dynamically compensating targets. As opposed to hurling their net around for little fish, they started seeking after the enormous whales. Ambushes on focus budgetary establishment, advanced unfaltering risks, ransomware attacks using social structuring and DDoS attacks using botnets made from the snare of things (IoT) devices have now wound up being the sort of the period. The cybersecurity controls sent have moreover created in the latest decade as the care among the affiliations has extended. As opposed to focusing on 'shirking' after the scene, the accentuation is directly on separating the ambushes consistently and responding to them in an appropriate manner.
Two of the key characteristics of the web are the tremendous number of customers and the borderless thought of the Internet, where an exhibition in one territory infiltrates to other far away landmasses, every so often inside minutes. These characteristics in like manner show that business can be driven speedier without physical travel or physical proximity, with quicker responses transversely over colossal detachments, and possibly influence an overall gathering of onlookers. While this mechanical advancement familiar inexhaustible points of interest with society, the disadvantage was not far behind. The movements made by enrolling and frameworks organization have indicated another condition in which people dynamically amass in the web to interface socially and fiscally, anyway these affiliations also have given an ideal. accommodating stage for the execution of bad behaviors. The characteristics of the web have not quite recently given a completely unique class of centers for bad behavior, yet furthermore have provoked an extension in the amount of computerized able individuals with a readied approach to do infringement that have an expansive impact.
Given that the usage of advancement in the present business condition conveys new risks to the fore, using old courses of action likely won't be the suitable reaction. New risks require new measures. There are novel issues related to cutting edge information and trades, for instance, storing and secured advancement issues, that must be considered. Thusly, notwithstanding the way that the new advancement empowers individuals to take an interest in worldwide business activity as at no other time, it similarly develops the scale and degree of the related threats. Development gadgets infer that preparing power, accessibility, and speed can spread diseases, deal systems, and compound botches immediately, perhaps impacting interconnected social affairs, growing costs of doing business to address such catastrophes, and hitting a greater target than even imagined. Cybercriminals devise continually new frameworks. New contraptions mean new vulnerabilities, and the preventive measures to beat these vulnerabilities disregard to keep pace with cybercriminals' ability to devise new frameworks. The noteworthy of this sort of bad behaviour is routinely inadequate. This is for the most part considering the way that a couple of bad behaviours go unnoticed and most of the way in light of the fact that the individuals being referred to (fiscal heads and associations) are watchful about declaring cybercrimes as a result of a neurotic dread of getting a terrible reputation and of their future business potential outcomes being affected by open presentation of their vulnerabilities. Associations must calculate these perils their business chance edges and keep away from potential hazard to fight against these vulnerabilities. Any sort of bad behaviour is socially ruinous; battling cybercrime isn't just an issue of attempting security endeavours through the medium itself, yet furthermore requires the establishment of preventive measures in the legitimate hover to address the situation.
Both the standard sorts of cybercrime and different cybercrimes essentially impact affiliations. Take the example of the remarkable worm that was pushed by Robert Morris in 1988. The Internet was still at its starting time when this worm influenced endless PCs, and it took a social event of specialists straightforwardly around three days to dispose of the worm, during which time gigantic amounts of the PCs must be separated from the structure. Today, one such snare can render a few affiliations revealed, confronting giant budgetary hardships and loss of notoriety. Loss of notoriety can even come about because of deceiving email. This happened in the Bank NSP case, where an association understudy of the bank was verified to be hitched to an immature who worked at another affiliation. She traded a few messages with her life assistant, utilizing the bank's PCs. Regardless, when the devotion was dropped, the understudy made fake email IDs, for example, "Indian bar affiliations", and sent messages to her ex's outside customers through the bank's PCs. The immature's affiliation lost different customers and arraigned the bank. The bank was held dedicated for the messages sent utilizing the bank's structure. From a corporate viewpoint, the most fundamental zone expected to be tended to be that of private data, especially in cross fringe correspondences. The assurance of protection and information can be gotten from different laws relating to data improvement, approved progression, and authentic obligations. The important legitimate act in India identifying with data improvement and cybercrime is the Information Technology Act of 2000. The Information Technology Act obliges shield against breaks in relationship with information from PC frameworks.
Cybercrime is continuously hard to recognize and harder to display than customary terrible conduct, as cybercriminals find better approaches to manage misuse the framework. The absence of clearness of the web and the extraterritorial (no jurisdictional) nature of such encroachment work to the upside of cybercriminals by engaging the execution of awful practices from remote domains, while addressing a monstrous test for criminological examiners and criminal experts. Cybercrime is an overall protected and high-compensate understanding. Outfitted with only a few essential aptitudes and a lot of efficiency, a cybercriminal can without a lot of a stretch move colossal wholes of cash transversely over nations or enter and wreck critical information and cause enormous naughtiness to the affected affiliations. It also can end up being a "dull terrible conduct" due to the nonappearance of data that law specialists have on its occasion and spread. Unmistakable confirmation of cybercrime is as frequently as conceivable maddening by virtue of nonappearance of mandatory uncovering portions and the principal new-age aptitudes to address, uncover, and indict it.77 The three fundamental factors that make the region, appraisal, and arraignment of cybercrime so testing are secret, non-detectable quality, and nonattendance of geological purposes of restriction. The present structure framework doesn't require a client to uncover facial, vocal, or physical highlights, or even his character by name. Under this secret, is on occasion difficult to recognize the awful practices took, off alone the hooligan. Along these lines, the general idea of cybercrime presents remarkable difficulties for the affirmation, evaluation, and arraignment of cybercriminals. In a cross-edge awful conduct, the arraignment of the offense requires the specialists to comprehend where the awful conduct has happened, trailed by the game plan of check and the blackguard being brought to starter. Cybercrime, regardless, presents veritable and complex genuine issues concerning both area and removal.
The reliable thought of the Internet has for quite a while been an overall stress that ought to be tended to. A part of the major issues related to all-inclusive joint effort in the region of cybercrime and criminal law are:
(1) The nonappearance of overall accord on implications of cybercrime.
(2) Jurisdictional assortments in dominance (and to a great extent the nonappearance of aptitude) concerning the police, specialists, and the courts in association with this criminal part.
(3) The insufficiency of existing laws for assessment and access to PC structures and frameworks, including the inapplicability of seizure powers for intangibles, for instance, motorized data.
(4) The nonappearance of harmonization between the distinctive national procedural laws concerning the assessment of cybercrime.
(5) The nonattendance of expulsion and basic assistance settlements and of synchronized law execution instruments that would permit overall interest, and the disappointment of existing courses of action to think about the components and extraordinary essentials of advanced security.
The Indian reaction rose in the 1998 National Informatics Policy gave by the National Taskforce on Information Technology and Software Development. The taskforce submitted three key reports recommending different measures to fabricate India's infotech industry and spread the utilization of IT in the nation. Ensuing to these discoveries, India passed the Information Technology Act in 2000. The most significant component of this Act is that it gets its ideas from the United Nations Commission on International Trade law (UNICTRAL) Model Law on Electronic Commerce. With thirteen parts involving ninety-three segments and four Schedules, the Indian Information Technology Act is an endeavour to change the obsolete laws and give approaches to bargain digital security and lawfully perceive electronic trade, computerized records, and advanced marks. Under the Information Technology Act, common risk and stringent criminal punishments might be forced on any individual who makes harm a PC or PC framework. No punishment forced or reallocation made under the Act will avoid the burden of some other discipline under some other law in power. Areas 65–68 of the Act remember arrangements for the discipline that can be dispensed for cybercrimes. Segment 66 explicitly manages the offense of hacking. Is fascinating that India has attempted to battle the earthbound idea of cybercrime by expanding the materialness of the Information Technology Act universally. Notwithstanding, its arrangements on punishments for cybercrime might be hard to force in the global field. Under Section 76 of the Information Technology Act, the mediating court likewise has the forces to reallocate any PC, PC framework, floppies, minimal circles, tape drives, or any extras in connection to which any arrangements of the Act are being disregarded. No punishment or reallocation made under this Act will influence the burden of some other discipline under some other law in power.
The overall effect of the Information Technology Act and its amendment, which is the amalgamation of Internet security and regulation becoming part of India’s legal framework, is the clear message that India is serious about identifying instances of cybercrime and penalizing offenders. From the perspective of e-commerce in India, the Information Technology Act has many positive aspects. In July 2013, India released its first National Cyber Security Policy. This Policy prescribes measures for securing cyberspace and critical infrastructure of India and covers a wide range of topics, from emergency response networks, private-public partnerships to national cybersecurity issues. The framework though comprehensive and "aspirational" has numerous lacunae. Probably as this is a policy framework, legally it is not soundly drafted. Further not only methodology but implementation of this policy also is suspect considering the manners in which in its nascent stage numerous bodies have been introduced with responsibilities for cybersecurity.
The Internet is constantly changing, and it is impossible to foresee the nature and possible scope of all the current and future opportunities for cybercriminals. Lawmakers at every level of government will need to watch and study the nature of human interactions with and via computers and networks, adapting laws to deal with the most pressing risks as they become apparent. Cybercrime’s potential for enormous cost to the economy, society, and national defense demands constant vigilance and ongoing efforts to develop feasible solutions to address new problems as they emerge. Appropriate steps need to be taken to constantly revamp laws and to educate law enforcers and legislators to recognize the changing face of crime. Self-protection is the prime tool. Organizations should focus on implementing cyber-security plans that address people, processes, and technology issues. Organizations need to commit the necessary resources to educate employees on security practices; develop systematic plans for the handling of sensitive data, records, and transactions; and incorporate robust security technology into their infrastructure. Therefore, to develop an effective solution to address cybercrime, an international response must be supplemented with public awareness, strong industrial support, and public-private partnerships.
The cybercrime is an invention of crimes made by a class of intellectual, sophisticated criminals. Since long time the criminal jurisprudence was totally ignorant of such types of crimes, although these were committed in different forms during early development of crimes and criminology. One can say that the cybercrimes started to operate when technology reaches its peak and took new tum to satisfy human needs and desires. These crimes contain the elements of blue colour and white colour crimes. These are blue colour crimes because these are not very different from other prototype crimes, though recognized by various names. These are also white colour in nature because crimes are usually committed by a class of criminals who are having knowledge about science and technologies. For this reason, I dare to say that cybercrimes are an amalgamation of blue colour and white colour crimes. The Internet is a vast worldwide network of powerful computer sensors which are constantly connected to each other via high speed communication cables. All the information that is on the Internet is stored on one of the servers. The Internet is a virtual space in which users send and receive e-mail, log in to remote computers, brouse-databases information and send and receive programmes contained in the computers.
The cybercrime is a primarily example of cross-border crime. The jurisdiction in this area is tricky and is still unclear. The Government of India has enacted Information Technology Act, 2000 to deal with cybercrimes. The Act further amends the Indian Penal Code, 1860, the Indian Evidence Act,1872 the Banker's Books Evidence Act 1891 and the Reserve Bank of India Act 1934. The cybercrime cell and police station have also been created for detection and investigation of such crimes. A multi-pronged strategy is required to fight along with legal measures. The cybercrime is a great threat to the human rights. The number of security attacks being designed to steal personal information is increasing with an accelerating pace. The attackers are targeting personal information to make a profit out of their operation and threatening the basic philosophy of 'right to live with dignity. As the cybercriminals are masters of using the modern Science and Technology and it is very much complicated for effective law enforcement. Sometimes, technologies provide benefits to criminals. Effective law enforcement is equally complicated by its transnational nature of cyber space. Cybercriminals can defy the conventional jurisdictional realms of sovereign nations. Cybercrime may originate in any part of the world and can pass easily across many national boundaries. Such a situations increase both the technical and legal complexities of investigating and prosecuting these crimes. The international harmonizing efforts, coordination and co-operation among various nations are required to combat cybercrimes.
The advanced country like the United States has enacted some Acts dealing with the cyber and intellectual property crimes. The Economic Espionage Act, enacted in 1996, created the first federal Sanctions for theft of trade secrets. In 1996, threats of virus attacks and disruptions of computer networks prompted the justice Department to create the computer crime and Intellectual property section within its Criminal Division. The United States also passed the Computer Fraud and Abuse Act. At this point of juncture some suggestions and opinions to tackle this new form of crimes have been made:
I. Improvement of technology is in need of the days. Cybercrimes are such types of crimes which can primarily be prevented along with other measures. Technological improvement may be helpful for detection, prevention and commission of such crimes. High standards for security and network reliability have to be required. Effective technological "locks" to prevent end users from copying and distributing copyrighted music in digital form.
2. Special Statutes on cybercrime is required to be passed to deal with the new form of crimes and to protect digital data. It will include Intellectual Property crimes and crimes relating to human rights.
3. The Government must create a special branch of Cybercrimes and Intellectual Property Crimes within its criminal infrastructure, so that the enforcement personnel may take quick action against the Cyber Criminals.
4. All sorts of infrastructure facilities are required to be available to the investigating officers, especially regarding mobility, connectivity, use of technology. Scientific training to be provided to the investigating officers to deal with the new problems under separate investigating agency to deal with the cybercrimes.
5. The Economic Espionage Act like law is required to pass for the protection of trade secrets, pragmatic steps are required to protect confidentiality of trade secrets during investigation and prosecution.
6. An Act having objectives to prevent computer fraud and abuses are to be enacted to combat criminal operations. It may be helpful particularly during investigation and prosecution of criminals. It will deal with security and safety of certain computers, computer networks and data stored on the computers and unauthorized access to Government Computers. The Act will also deal with hackers.
7. In case of digital technology, various problems are experienced. Problems of distribution, catching, protection of confidential information, payment mechanism of e-commerce are few among these. In view of such situation Intellectual Property Laws till require major amendment to deal with challenges posed by the internet and digital revolution.
8. It has been the fact that there are some grey areas in Intellectual Property regarding "domain name". Though the domain names are protected under relevant l.P. Law. There is scope of further amendment of such laws to make this clearer for ends of effective increase of commerce.
9. Good infrastructure and facilities be provided by the Government to the Cyber Crime Cell and the Cyber Crime Police Station to deal with cybercrimes.
10. With weak infrastructure facilities the police personnel facing tremendous problems in detecting and investigating of crimes and sometimes they feel helpless. To train law-enforcement personnel and the prosecution for understanding the technological aspects and their use in crimes. The Government must establish advanced cyber labs and provide different levels of training to police. Creating awareness on data security understanding cybercrime, to understand how to survey a crime scene and preservation of evidence, identification of digital evidence, understanding computer hardware and data storage. It also requires the maintenance of compulsory Register of every cyber cafe for detection of cybercriminals who are sending threat e-mails and are interested to practice such other acts involving the question of the country's safety and security.
11. The users are not aware of using computer and Internet. The ISPs must provide some sort of warning on the Internet. Awareness of general public and investigation agencies is essential. Active involvement of the Government is also essential. ISPs must be more accountable to the Government and to the public for providing required information. The Government has to frame stringent law upon the ISPs.
12. The punishment for commission of cybercrimes to be increased to deter future offence. It must not only be deterrent but must also be exemplary.
13. For increasing awareness the emphasis must be laid on cross-border investigation and exchange of measures for prevention of Cyber Crimes among various nations.
14. The Interpol, the Police Organization may be utilized for speedy exchange of information and materials required for prosecution of cyber criminals for its trans-border nature. In absence of extradition treaty with number of countries it has been difficult to apprehend the cyber criminals and to have necessary information from other countries when criminal operation is being done from other countries. It is therefore urgent need of time that Government may consider taking the help of Interpol. It is also intended that necessary legal provision should be included in the proposed new Act.
15. Alike Green Bench, a Special Bench for dealing with cybercrimes may be created at least in each and every High Courts. Special branch may also be created in every metropolitan cities and districts.
16. The last but the vital one is to train and equip judges and criminal lawyers and investigating and enforcement agencies to deal with this new transnational, complex, high-tech crimes to understand investigative and prosecution process that are unique to cybercrimes.