Beruflich Dokumente
Kultur Dokumente
5. The damage inflicted by cyber attackers may not be easily recognizable and in some cases, may even go
unnoticed. Even if an attack is successfully defended, it is possible to cover tracks and thus attribution of a
cyber attack, in some scenarios, becomes very difficult, if not impossible. Tracing a cyber attack is not easy as
Internet has no geographical boundaries and cuts across jurisdictions. There are no international
laws/agreements that could help in tracing cyber attacks. This makes it all the more difficult to fight back against
cyber warfare.
6. Cyber security is a complex issue that cuts across multiple domains and calls for multi-dimensional, multi
layered initiatives and responses. It has proved a challenge for govt, the task is made all the more difficult by
the inchoate and diffuse nature of the threats and the inability to frame an adequate response in the absence of
tangible perpetrators.
7. There is a urgent need to establish National Structure for Cyber Security which clearly defines roles and
responsibilities for every stakeholder, establishes coordination & information sharing mechanisms, focuses on
building Public Private Partnership models and creates environment for enhancing trust between the industry
and government. A fully empowered head for Cyber Security should be appointed, positioned at the highest
level within the government. Also we need to establish a Cyber Command within the defence forces to defend
the Indian Cyberspace. The Cyber Command should be equipped with defensive and offensive cyber weapons,
and manpower trained in cyber warfare.
METHODOLOGY
Statement of Problem (tujuan)
To study & analyse the need to establish unified cyber command at national level to include Services , suggest
its structure, envisaged role & capability in Cyber Warfare domain against ever increasing Cyber security threat,
to safeguard national interests.
Hypothesis
9. The present & future will see ever growing threat manifestation to national security from Cyber Space which
has become fifth dimension of warfare. India being pioneer in IT sector, can successfully secure itself from
cyber threat under a unified cyber command. Thus there is urgent need to establish unified cyber command at
national level in general & Services level in particular to counter the ever increasing cyber threat.
This essay has been submitted to us by a student in order to help you with your studies. This is not an example
of the work written by our professional essay writers.
Essay Writing ServiceDissertation Writing Service
Who wrote this essayPlace an Order
11. Given the importance of cyber security because of it being closely associated with national security. The
security situation in 2020 is bound to be far more complex and dangerous. The future will see wired society with
the e-governance, communication, power and transportation networks, financial transactions, health and
medicine, all dependent on the cyber domain. Alongside will be the aspect of increased transparency and
instant dissemination or democratisation of information. All this will also create vulnerabilities and impact on
security with disastrous consequences.
12. Today, sophisticated set of nation states and non-state actors are increasingly making efforts to intrude the
networked domain of its adversaries. The known activity is fraction of adversary exploitation and there is routine
exploitation of known vulnerabilities. The targets and intentions are clearly on gaining operational information
and foothold in the networked domain. Operating in a contested environment requires situational awareness
and improved defence against cyber attacks.
13. There is urgent need felt at national level and also at services level to understand the nature of threat from
cyber warfare and also defensive and offensive cyber warfare measures to be taken. The efforts in cyber
domain can only be organised and coordinated by establishing a unified cyber command at national level. Thus
there is need to study the structure, role and capabilities of cyber command in detail.
Scope
14. This study has concentrated on taking into account the threat posed by cyber warfare and understanding
the need to establish unified cyber command to safeguard national interests. This study proposes to suggest
the structure, role and capabilities of unified cyber command of India by carrying out in depth analysis of cyber
threat environment and studies of cyber command of developed countries.
CHAPTER 2
AN OVERVIEW ON CYBER SECURITY THREATS
AND CHALLENGES
Cyberspace and its Importance to Nations
1. Cyberspace has no boundaries, it is man-made and ever expanding. It comprises IT domain to include
computer networks, computer resources, all the fixed and mobile devices connected to the global Internet. In
the evolutionary stage of Internet, the key considerations were interoperability and availability. What started as
a closed user group involving academics from a few universities, was thrown open to the world and has grown
exponentially ever since. The rapidity in the development of information technology (IT) and the relative ease of
using applications has commercialised the use of cyberspace and its expansion dramatically in its brief
existence.
2. In todays networked world, cyberspace is considered as a national asset, it has enabled a host of business
and government services to citizens, efficient operations of critical infrastructure depends on it. In fact,
economies of many nations across the globe almost entirely depend upon technology in cyberspace. It has
become the lifeline of critical infrastructures such as energy, telecommunication, banking, stock exchanges, etc.
Businesses are leveraging technology to transform their business models. Defence and Police agencies are
making strategic use of technology to modernize.
3. Social networking has gripped the entire world and revolutionised the way people come together and change
the way they interact socially. It has not only initiated connections, but has managed to sustain the growing
interconnect by engaging people with different interests of their choice. Currently, Facebook has around 800
million users, which are expected to reach 1 billion by August 2012. Tweets on Twitter grew from 500 K in 2007
to more than 4 billion in Q1 of 2010, to over 1 billion tweets every week this year with a community of 225
million users.
The Arab Spring, Jasmine Revolution, Occupy Wall Street etc. have exemplified that the growing community of
hundreds of thousands of people can be mobilized for a cause through social media. In contrast, London riots
were supposedly fuelled by social media.
actors to national security is extremely grave. The government has taken a number of measures to counter the
use of cyberspace for terrorist-related activities, especially in the aftermath of the terrorist attack in Mumbai in
November 2008. Parliament passed amendments to the IT Act, with added emphasis on cyber terrorism and
cybercrime, with a number of amendments to existing sections and the addition of new sections, taking into
account these threats.
Further actions include the passing of rules such as the Information Technology (Guidelines for Cyber Cafe)
Rules, 2011 under the umbrella of the IT Act. In doing so, the government has had to walk a fine balance
between the fundamental rights to privacy under the Indian Constitution and national security requirements.
While cyber hactivism cannot quite be placed in the same class, many of its characteristics place it squarely in
the realm of cyber terrorism both in terms of methods and end goals [3] .
13. Cyber Espionage. Instances of cyber espionage are on rise with financial losses worth millions being
exfiltrated from the websites and networks of both government and private enterprises. The theft of intellectual
property from private enterprises is not an issue because R&D expenditure in India is only 0.7% of GDP, with
government expenditure accounting for 70% of that figure. Companies are also reluctant to disclose any attacks
and exfiltration of data, both because they could be held liable by their clients and also because they may suffer
a resultant loss of confidence of the public. As far as infiltration of government networks and computers is
concerned, cyber espionage has all but made the Official Secrets Act, 1923 redundant, with even the
computers in the Prime Ministers Office being accessed, according to reports. The governments currently can
only establish measures and protocols to ensure confidentiality, integrity and availability (CIA) of
data. Law enforcement and intelligence agencies have asked their governments for legal and operational
backing in their efforts to secure sensitive networks and undertake offensive against cyber spies and cyber
criminals who are often acting in tandem with each other, and probably with state backing. Offence may not,
necessarily the best form of defence in the case of cyber security, as seen in the
continued instances of servers of the various government departments being hacked and documents
exfiltrated.
25. Distributed Denial of Service. A variant of the denial-of-service attack that uses numerous hosts to perform
the attack.
26. Logic Bomb. A piece of programming code intentionally inserted into a software system that will cause a
malicious function to occur when one or more specified conditions are met.
27. Phishing. A digital form of social engineering that uses authentic looking, but fake, e-mails to request
information from users or direct them to a fake website that requests information.
28. Passive Wiretapping. The monitoring or recording of data, such as passwords transmitted in clear text,
while they are being transmitted over a communications link. This is done without altering or affecting the data.
29. Structured Query Language (SQL) Injection. An attack that involves the alteration of a database search in a
web-based application, which can be used to obtain unauthorized access to sensitive information in a
database.
30. Trojan Horse. A computer program that appears to have a useful function, but also has a hidden and
potentially malicious function that evades security mechanisms. For example, masquerading as a useful
program that a user would likely execute
31. Virus. A computer program that can copy itself and infect a computer without the permission or knowledge
of the user. A virus might corrupt or delete data on a computer, use e-mail programs to spread itself to other
computers or even erase everything on a hard disk. Unlike a computer worm, a virus requires human
involvement (usually unwitting) to propagate.
recovery, intelligence and information sharing mechanism, clarity in roles & responsibility of various agencies
and governments. Specified role of industry in public private partnership models is also lacking at the national
level. At the international level, absence of globally accepted norms featuring cooperation across jurisdictions to
track cyber criminals and their extradition is making it difficult for the law enforcing agencies to bring cyber
criminals to justice. Lack of adequate knowledge and training of law enforcing agencies and judiciary in many
countries for understanding cyber crimes and relevance of evidence in the form of cyber forensics.
36. Protection of critical information infrastructure has emerged as a major challenge. National Security has
traditionally (for air, land and sea) been the sole responsibility of the governments. The new responsibility of
securing the critical information infrastructure against the rising number of cyber attacks has come within the
ambit of national security. This new responsibility, however, does not lie solely with the government. Private
sector has a major role to play, as majority of the critical information infrastructure is owned and operated by the
private sector. However, private sectors investment in security is driven by business requirements and not by
national security concerns. So how can government intervene? By incentivizing or regulating the private sector?
There is an ongoing debate on which direction the nations should take. Many believe that market forces cannot
deliver the required investments and efforts for ensuring public safety and national security. Whereas some
believe that too much of government intervention through regulations can undermine business innovation. No
clear universal solution to this problem has emerged presently.
37. There is yet another area of global concern, namely the ICT global supply chain. Given the increased
dependence on global ICT products, especially in operating critical sectors and growing realization of cyber
risks, countries are doubting the integrity of these products, fearing that adversaries may introduce malicious
codes / functions to do surreptitious surveillance, disrupt services, or at worst paralyze a nation. Alleviating
such doubts and fears to continue benefitting
from global ICT supply chain is one of the biggest challenges the world faces in cyber security today. Where
some countries are trying to address this challenge by building global and national capabilities to address
supply chain risks without undermining the international competiveness and legitimate trade flow; others are
focusing on developing indigenous products to reduce the dependency on foreign players.
38. Another very important challenge requiring ongoing efforts is poor awareness and education about cyber
security threats and the need to follow best practices, across different levels ranging from school children to
top government officials, and management in the corporate world. Adding to the problem is the non-serious and
reactive approach towards security. Lack of knowledge and awareness among users increases the risk
manifold. Because of poor awareness, we become vulnerable and easy victims of social engineering attacks,
phishing sites, spurious email communications, etc. Many such cyber threats can be easily mitigated if
individuals are aware and vigilant.
39. Other major difficulties in addressing problems related to cyber security at an organizational level include:
lack of high quality software development; treatment of security function as a cost centre; compliance driven
approach to security; lack of multi-departmental coordinated roadmap; treatment of security as merely a
technology issue and not a management issue; and difficulty in calculating Return on Investment (RoI) for
security investments.
CHAPTER 3
INDIAN CYBERSPACE AND CYBER SECURITY
INITIATIVES
Indian Cyberspace
Indian cyberspace was born in 1975 with the establishment of National Informatics Centre (NIC) with an aim to
provide govt with IT solutions. Three networks (NWs) were set up between 1986 and 1988 to connect various
agencies of govt. These NWs were, INDONET which connected the IBM mainframe installations that made up
Indias computer infrastructure, NICNET (the NIC NW) a nationwide very small aperture terminal (VSAT) NW for
public sector organisations as well as to connect the central govt with the state govts and district
administrations, the third NW setup was ERNET (the Education and Research Network), to serve the academic
and research communities.
New Internet Policy of 1998 paved the way for services from multiple Internet service providers (ISPs) and gave
boost to the Internet user base grow from 1.4 million in 1999 to over 150 million by Dec 2012. Exponential
growth rate is attributed to increasing Internet access through mobile phones and tablets. Govt is making a
determined push to increase broadband penetration from its present level of about 6% [6] . The target for
broadband is 160 million households by 2016 under the National Broadband Plan. An indication in support of
the rapid pace of adaptation to the Internet in India is that, Indias top e-commerce retailer, Indian Railways, saw
its online sales go up from 19 million tickets in 2008 to 44 million in 2009, with a value of Rs. 3800 crore ($875
million) [7] .
3. Even though the Indian govt took a while to convert to computerisation, there has been an increasing thrust
on e-governance. The govts e-governance plan is seen as a cost-effective way of taking public services to the
masses across the country. Critical sectors such as Finance, Energy, Space, Telecommunications, Defence,
Transport, Land Records, Public Essential Services and Utilities, Law Enforcement and Security all increasingly
depend on NWs to relay data for both communication purpose and commercial transactions. The National egovernance Program (NeGP) is one of the most ambitious in the world and seeks to provide more than 1200
govt services online.
(a) Development of Infrastructure. Airports, metros, highways and augmentation of existing infrastructure which
include power generation, financial services, telecom, transportation, defence, etc. Nations critical
infrastructure are driven and controlled by ICT and it is getting increasingly dependent on IT this includes power
grids, air traffic controller, industrial systems, stock exchanges, banking, telecom among others.
(b) e-Governance. Govt is undertaking projects driven by IT to address social, economic and development
challenges in the country. Using IT, the govt intends to improve governance by increasing transparency, curbing
corruption, time bound delivery of govt services and ensuring financial inclusion. The National e-Governance
Plan (NeGP) is designed to take a holistic view of e-Governance initiatives across the country. The purpose is
to integrate the initiatives, into a collective vision for a shared cause of delivering benefits to citizens in the
remotest parts of the country. The ultimate objective of NeGP is to bring public services closer to home to all
citizens as given in the vision statement of NeGP [9] . The NeGP comprises 27 mission mode projects (MMPs)
and 8 common core and support infrastructure including State Wide Area Networks and State Data Centres.
(c) Aadhaar. The Aadhaar number provides unique identity, which will become acceptable across India. The
project promises to eliminate duplicate and fake identities through effective verification and authentication.
Many of the govts social benefit programs are envisaged to be linked with the Aadhaar number.
(d) e-Commerce. e-Commerce industry is witnessing phenomenal growth and expected to touch USD 10
billion, an increase of 47% from 2010 [10] . e-payments in India account for 35.3% of the total transactions in
terms of volume and 88.3% in terms of value [11] , card circulation both credit and debit was around 200 million
in 2010 [12] . The e-commerce is still an untapped potential considering the fact that the Internet
penetration [13] in India is only around 8% (rising exponentially) with around 120 million Internet users [14] and
India is projected to become the third largest Internet user base by 2013 [15] . With around 894 million mobile
subscribers [16] (as on December 2011), m-commerce market is a big opportunity, especially as it promises to
bring rural India into the realm of e-commerce.
connect all Army formations, units, training establishments and logistic installations in the country for secure
and direct information exchange [19] . Army also launched project Shakti a fully digitized and integrated
Artillery Combat Command and Control System (ACCCS), which is a network of military grade tactical
computers automating and providing decision support for all operational aspects of Artillery functions from the
corps down to a battery level. [20]
(g) Social Media. Social media is emerging as a very powerful phenomenon in Indian cyberspace with around
45 million [21] Indians using the social media and the number is increasing every day. It is revolutionizing the
way society interacts. Personal Information is becoming the economic commodity on which social networking is
thriving. Businesses, Non-Governmental Organizations (NGOs) and even the governments are using this
platform for variety of reasons which include communication, marketing, branding, awareness, etc. The social
media has also caught the attention of the governments and the regulators worldwide (for wrong reasons)
including the Indian govt and there is an on going debate on regulating the social media.
Threat Landscape
5. As nation its important for us to continue leveraging technology for overall development of the country &
improving lives of the citizens. Thus, it is crucial to comprehensively understand the risks associated with the
use of technology and operating in cyberspace. Cyberspace has become a new play field for non state actors &
it is getting increasingly linked to national security. The cyberspace is being used by terrorists to spread their
message, hire recruits, do encrypted communication, surreptitious surveillance, launch cyber attacks on govt
infrastructure, etc. Sophisticated use of technology was made by 26/11 Mumbai attackers which included
Global Positioning System equipment, satellite phones, BlackBerrys, CDs holding high-resolution satellite
images, multiple cellphones with switchable SIM cards, e-mails routed through servers in different locations,
which made it harder to trace them.
6. Cyber attacks targeted at critical information infrastructures (energy, telecom, financial services, defence,
and transportation) have the potential of adversely impacting a nations economy, public safety and citizens
lives. These critical infrastructures are mainly owned and operated by the private sector. For example, the
telecom sector is mostly owned by the private players, except Mahanagar Telephone Nigam Ltd. and Bharat
Sanchar Nigam Ltd. Bombay Stock Exchange and National Stock Exchange are private players wherein most
of the transactions are done through electronic medium. Airline industry is dominated by private players with Air
India being the only the govt enterprise, Energy & Utility sector though dominated by govt players, the
distribution is largely controlled by private partners. The banking sector has large number of private banks.
Business requirements and not national security concerns drive the investments made by these private players
in securing the infrastructure. This may leave possible security loop holes. India recently witnessed a cyber
attack on its state-of-the-art T3 terminal at New Delhi airport that made check-in counters of all airlines nonoperational causing public inconvenience. Stuxnet - the deadliest attack vector that has been designed so far &
which destroyed a nuclear reactor in Iran has reportedly infected systems in India [22] .
includes provisions for digital signatures, e-governance, e-commerce, data protection, cyber offences, critical
information infrastructure, interception & monitoring, blocking of websites and cyber terrorism [25] .
11. Policy Initiatives. The draft version of National Cyber Security Policy was released by the DIT in March 2011
for public consultation. The draft policy has been aimed to enable secure computing environment and adequate
trust and confidence in electronic transactions. The draft policy tries to layout the cyber security ecosystem for
the country. It covers the following:(a) Based on the key policy considerations and threat landscape, the draft policy identifies priority areas for
action.
(b) Identifies PPP as a key component.
(c) Identifies key actions to reduce security threats and vulnerabilities
in cyber forensics. Also, there are 28 State Forensic Labs (SFSLs) that are acquiring capabilities in cyber
forensics techniques and skills. Resource Centre for Cyber Forensics (RCCF) at Thiruvananthapuram, Kerala
under Centre for Development of Advanced Computing (CDAC) has been established to develop cyber forensic
tools and to provide technical support and necessary training to LEAs in the country [26] .
CHAPTER 4
4. Composition of CIW Board. The suggested composition of CIW board is as under:(a) Chairman. NSA.
(b) Members Govt. Cabinet Secretary, DG RAW, Secy DIT, Representatives from MHA, MEA, I&B, Ministry of
Power.
(c) Members MoD. CIDS(Or CDS when created) and DG DRDO.
(d) Private Sector. Chairman NASSCOM / DSCI.
(e) DG CIW.
(f) Member Secretary(Secy). Dy NSA.
5. Charter of CIW Board. The charter will include following tasks:(a) Overall review and formulation of policy for CIW.
(b) Formulation of strategy for meeting emerging threats.
(c) Ensure necessary coordination between all public and private agencies at the national level as also monitor
implementation of all aspects of CIW.
(d) Enuring all international treaties and agreements are vetted in keeping with needs of national security.
6. Composition of CIW Executive Committee (CIWEC). Dy NSA who is the Secy of the CIW board could chair
the CIWEC, DG CIW will be the Secy with support from the NSCS. He will be responsible to ensure day to day
coordination and follow up on all CIW issues and report to the apex body through Dy NSA. The composition of
this CIWEC could include:(a) Members Public Agencies. Chairman NTRO, DG CERT, Reps from MHA, RAW, CSIR, DIT, Public IT related
services, ie Finance, Railways, Telecom, Civil Aviation, Power, HR and I&B. Also reps from Rep from MEA who
is an expert on international agreements.
(b) Members MoD. Reps of Cyber Command & DRDO.
(c) Private Sector. Reps from NASSCOM / DSCI.
7. Charter of CIWEC. The charter will include issueing policy guidelines and monitoring all activities on a
regular basis. It will look into specific aspects such as proactive defence or protection of critical infrastructure.
The CSIWEC will meet at least once a month to oversee and report progress on all issues which include:(a) International cooperation and all agreements on IT with respect to needs of national security.
(b) Technology development for protection of NWs and systems, as
also proactive defence.
(c) Installation of systems, monitoring and response, especially for emergencies.
(d) Development of HR and public awareness. Recommendations for funding in this regard both in the public
and private spheres.
(e) Standardization and certification. This will include creation of test beds.
8. Organisation & Functioning. CIWEC should be an empowered body. DG CIW should ensure executive action
and compliance by agencies. All public agencies like the DRDO, HQ IDS, NTRO, DIT, National CERT, CSIR,
NIC are represented and could constitute its executive arms. For necessary coordination and follow up, the
office of DG CIW in NSCS must comprise of security, legal and technical experts. Policy and conduct of
offensive cyber operations could also be coordinated in consultation with unified cyber command.
CHAPTER 5
THE WAY AHEAD
General Recommendations
1. The rapidity & scale of cyber security threats is likely to grow manifold. This threat will pose a challenge to
national security. Thus there is urgent need for the government to adopt a cyber security policy & create a
organisation specifically to look into the cyber security of the nation. The govt should immediately adopt such a
policy so that urgent actions in a coordinated fashion can be taken to defend Indias economy and society
against cyber attacks.
needs to be defined and should clearly establish coordination and information sharing mechanisms, focus on
building PPP models and create environment for enhancing trust between the industry and government. The
increasing linkage between cyber security and national security and the involvement of multiple stakeholders, it
is very crucial that the cyber security in India is positioned at the highest level within the govt. This will give
cyber security the much needed impetus and will help address inter-agency concerns and improve
coordination.
4. The NSA, through NIB, should be made in charge of formulating and overseeing the implementation of the
countrys cyber security policy within the ambit of a larger national security policy. This body should be serviced
by the NSCS for policy measures and DIT and other departments (e.g. Telecom, space, etc.) for operational
measures.
5. Establishing of Cyber Coordination Centre. Cyber coordination centre at the operational level, should be
staffed by personnel from the relevant operational agencies. This centre would serve as a clearing-house,
assessing information arriving in real time and assigning responsibilities to the agencies concerned.
(a) Nodal Agency for Cyber Terrorism and Cyber Crime. MHA should be the nodal agency for handling cyber
terrorism as well as cyber crime. To handle cyber terrorism need to implement measures ranging from
monitoring and surveillance, investigation, prosecution, etc. Cyber terrorism should be part of the nations
overall counter terrorism capabilities. The National Counter Terrorism Centre being set up should have a strong
cyber component. NIB, with MHA as the nodal agency, should be tasked with the responsibility of formulating
and implementing a policy to deal with cyber terrorism. The issues of ethical hacking and immunity for defence
and intelligence officers should be considered. In dealing with cyber crime, some of the measures needed will
overlap with those required to deal with cyber terrorism but extra effort will be required to ensure greater
awareness, strengthening of the legal framework, law enforcement, prosecution, etc. Particular focus to be
placed on awareness and enforcement MHA.
(b) Nodal Agency for Cyber Warfare. Headquarters IDS should be the nodal agency for preparing the country
for cyber warfare in all its dimensions. Unified cyber command should be created in a time-bound manner with
both offensive and defensive components. Since cyberspace remains integral, there should be an appropriate
interface between defence and civilian departments.
(c) Cyber Security Education, R&D and Training. It should form an integral part of the national cyber security
strategy. The govt should set up a well-equipped National Cyber Security R&D Centre to do cutting edge cyber
security R&D. This could be a PPP endeavour. Cyber security research should also be encouraged in public
and private universities and institutions. DIT should formulate a roadmap for cyber security research in the
country. The countrys strengths in ICT should be leveraged. DRDO should conduct specialised research for
the armed forces and NTRO should do so for the countrys intelligence agencies.
(d) CERT for Cyberspace Situational Awareness. DITs CERT should be the nodal agency to create and share
cyberspace situational awareness in the country. DIT should make public awareness of risks, threats and
vulnerabilities in cyberspace and measures to mitigate it. Disaster management and recovery must be an
integral part of any national cyber security strategy. The DIT should coordinate its efforts with NDMA and also
other govt departments as well as private bodies.
Specific Recommendations
6. Building Technical and Hardware Capability. Adequate emphasis on building adequate technical capabilities
in cryptology, digital signatures, testing for malware in embedded systems, operating systems, fabrication of
specialised chips for defence and intelligence functions, search engines, artificial intelligence, routers, new
materials, SCADA systems, etc. Cyber security should be mandatory in computer science curriculum and even
separate programmes on cyber security should be contemplated.
12. Critical Infrastructure. Govt should initiate and create critical infrastructure to ensure implementation of
practices and provide necessary budgetary support for the same. Some of the steps to strengthen the
infrastructure should include following:(a) Develop security expertise for protection of CII by providing hands on training to professionals, especially
from the govt sector.
(b) Establish a mechanism for measuring preparedness of critical sectors such as security index, which
captures preparedness of the sector and assigns value to it. Operationalise the mechanism for routinely
monitoring preparedness.
(c) Govt should incorporate IT Supply Chain Security as an important element of e-security plan to address
security issues.
(d) Govt should promote R&D in private industry through active govt support for industry-led research projects
in the areas of security. Establish enabling mechanisms to facilitate this.
(e) Govt need to focus on creating a workforce of security professionals in the country keeping in view the
requirements of the future.
(f) PPP model should be explored for taking security to the regions and industry sectors.
(g) Strengthening telecom security is the key pillars of cyber security, especially through development of
standards and establishment of testing labs for telecom infrastructure (equipment, hardware).
(h) Capacity building in the area of cyber crime and cyber forensics in terms of infrastructure, expertise and
availability of HR and cooperation between industry, LEAs and judiciary.
13. Legal. Legal framework with regards cyber aspects in the country needs to be strengthened and awareness
with regards to cyber laws needs to be created. The following actions will strengthen the legal aspects in
cyberspace:(a) Need for trained and qualified experts to deal with the highly specialised field of cyber security. Awareness
with regard to the threat to ICT infrastructure needs to be created and the necessary legal provisions to ensure
cyber safety must be developed.
(b) Substantive laws dealing with illegal access, illegal interception, data interference, misuse of devices,
computer-related forgery, child pornography, etc. must be implemented.
(c) Procedural laws need to be in place to achieve cooperation and coordination of international organisations
and govts to investigate and prosecute cyber criminals.
(d) The police must work closely with both govt and non-govt agencies, Interpol and the public at large to
develop a comprehensive strategy to address the problems.
(e) Lobbying at an international level for the harmonisation of existing national legislation to ensure that such
laws provide a fair measure of deterrence to cyber criminals and cyber terrorists, thereby making cyberspace a
safer place for national and international transactions.
(f) Government must put in place necessary amendments in existing laws or enact a new legislation like a Data
Protection/Privacy Act so as to safeguard against the misuse of personal information by various govt agencies
and protect individual privacy.
14. Miscellaneous. The following miscellaneous recommendations also need to be studied and analysed
thoroughly to ensure full proof cyber security at national level:-
(a) Examine the impact of cloud computing and wireless technologies and formulate appropriate policies.
(b) Make it a mandatory requirement for all govt organisations and private enterprises to have a designated
Chief Information Security Officer (CISO) who would be responsible for cyber security.
(c) Establishment of a cyber range to test cyber readiness.
(d) More powers to sectoral CERTs.
(e) Establish an online mechanism for cyber crime-related complaints to be recorded.
CHAPTER 6
CONCLUSION
1. Cyber security, today forms integral part of national security and will continue to be on the govts policy
agenda. As the threat scenario evolves and the fifth dimension is becoming a complex gambit, there is need for
critical information infrastructure protection, government services delivery, public sector services along with
industry and national defence will have to respond with appropriate cyber security policies that will involve
implementation and testing of security practices.
2. Cyberspace being the fifth common space, it is imperative that there be coordination, cooperation and
uniformity of legal measures among all nations with respect to cyberspace. The exponential growth of
cyberspace is possibly the greatest development of the current century. Unfortunately, this development has
also led to the near-simultaneous growth of the misuse of cyberspace by cyber criminals and in recent times.
Cyberspace has been vulnerable to a large number of attacks on crucial information infrastructure by cyber
terrorists.
3. LEAs will require upgradation of training and cyber forensics tools; R&D in cutting edge security technology
will be essential. All of these and many other projects of national importance will be conceptualised and
implemented in PPP. The policy scenario will evolve too. This calls for a vibrant relationship between the
government and the industry. To protect own cyberspace and create vulnerabilities for the hostile nations, it will
be a vital step to establish unified cyber command at national level. Various models already exist and stood
tests of time, thus we need to understand the urgent requirement of creating a structure to pose a credible
minimum deterrence as far as cyberspace is concerned. Though establishment of cyber command only, is not
going to solve the problem, but a wholesome approach will be required at national level to include all stake
holders in curbing cyber crime and cyber terrorism. To meet this end, it is the need of the hour that nations of
the world cooperate and make constructive efforts to reduce vulnerabilities, threats and risks to manageable
levels
4. It is time that the countries of the world, including India, realise that a well protected cyberspace would only
be an asset to developing and developed nations alike. With regard to the present legal situation in India,
certain commendable advances have taken place that have placed India in a relatively strong position.
However, there are still gaping loopholes not only in legislation but also investigation and enforcement that have
allowed India to become prey to cyber crime.