Technological advances

have brought many

conveniences to modern
society. One of the most
important benefits is the
‘’any where any time’’
paradigm.

Ban ki moon : Internet is prime example of how terrorist can behave in a truly transnational way, in response state need to
think and function in equally transnational way

Cybercrime Definition
Computer crime, or cybercrime, is crime that involves a computer and a network. The computer may have been used in the commission
of a crime, or it may be the target. It is faceless and borderless and so is difficult to tackle.

International telecommunication union defined cyber security: collection of tool policies , safeguards, guideline,
risk management, training, best practices, technologies to protect the cyber environment

In India, there has been a surge of about 350 percent in cybercrime cases registered from the year of 2011 to 2014,
according to a study by ASSOCHAM.

As fabric of connectivity has broadened the volume of electronic exchange through cyber space has grown dramatically and
grown beyond traditional trafiic with this IT infrastructure has become integral part of critical infrastructure of country as
its increasingly supporting critical national capabilities eg power grids,financial system, air control traffic.

The growing concern of internal security through communication network is due to complex structure, trans boundary
operation, un controlled flow of content with rising risk of cyber attack

Increasing dependence of people and government across Globe over IT has alos led to rising threats to cyber
security through cyber crime, cyber attack and cyber war

McAfee: lost 8 billion dollar due to cyber attack in 2011, 14000 website hacked in 2012. Ranked 5th in terms of e
commerce security breach

A recent ASSOCHAM-PwC study found that cybercrime in India surged almost 300% between 2011 and 2014.

(CERT-In), the national agency tasked with maintaining cyber security, reported more than 50,000 security
incidents in 2015. With the push towards digital transactions, this number will only grow

Cyberspace was primarily intended as a civilian space,, become a new domain of warfare. Stuxnet cyber-attack
(2010) 2007 Estonia Russian hacker, Ukraine critical infrastructure.
At least 140 nations have cyber war programmes. US Cyber Command,NATO has a separate "Tallinn manual"

Malware infection index 2016 Asia Pacific region is especially vulnerable

Why India more vulnerable and security needed

1. No national security architecture

2. push for digital economy , critical infrastructure eg financial sector getting inter connected
3. massive gap between the security offered by the cheapest phone and a high-end smart phone
4. lack of control over hardware used by Indian Internet users
5. cyber world borderless
6. lack of coordination among agencies

India's Vulnerabilities in cyberspace

Although Government has set up National Critical Information Infrastructure Protection Centre (NCIIPC) to protect the
critical information infrastructure in the country it is yet to identify and implement measures to protect “critical
information infrastructure

measure to appoint National Cyber Security Coordinator in 2014 not been supplemented by creating liaison office in States

Computer Emergency Response Team (CERT-In) is woefully understaffed.

Private sector failure to report and respond to breaches in digital network : Interpol less than 10% cases registered

neither voluntary, sector-specific standards for reporting data breaches nor industry backchannels for sharing confidential
security information.

most Indian companies that rely on Gmail for official communication also do not make 2FA (two factor authentication)
mandatory for its employees

International threat of a cyber-war from countries like China and Pakistan

Measures: recommendation of interdepartmental information security task force

Launch of cyber swacchta Kendra : part of digital india under MEiTY, System will be scanned by Cert In

Annocucement made : NCCC oprationalised by june, sectoral certs and certs at state level, more standardization
testing and quality certification, facilities to be set up, forensic labs

(CERT-IN); national nodal agency since 2004 for responding to cyber security

 Signed cooperation pacts: counterparts in Malaysia, Singapore and Japan for cyber security.
 sectoral Certs in power sector banking .
 tie up software and cyber security companies Microsoft, Redhat ,Cisco, Macfee,Quickheel

National Cyber Security Policy (2013) lack of clarity and comprehensive objective

Mandated implementation of security policies in accordance with ISO 27001

National Cyber Coordination Centre (NCCC) formation is being expedited

CertIn setting Botnet Cleaning and Malware Analysis Centre for detection of malware infection

National Technical Research Organization [NTRO]

 secure critical cyber security infrastructure
 provide important technical intelligence to all three defence forces.
Need to set Indian Cyber Crime Coordination Center (I4C) Gulsan Rai committee for inter agency collaboration

Amendment of IT act

Maharashtra first state to have a cyber-police station in each district simultaneously

What are the proposed measures?

State Certs in Maharashtra, Tamil Nadu, Telangana, Kerala and Jharkhand are being planned.

Organizations with a significant IT infrastructure: appoint cyber security officers.

“National Social Media Policy” to counter the cyber-threat, propaganda

Tri service cyber command for its armed forces

Establish cyber security training centre thorough public private partnership

Need to increase spending: NASSCOM’s Data Security Council of India, average spend on cyber security is about
2 to 3 per cent of the total IT spending — at about $1.5 to 2 billion

Public Private Partnership (PPP) to combat cybercrime: One example is the National Cyber Forensic Training
Alliance (NCFTA) in the U.S. partnerships with subject matter experts in the public, private, and academic sectors.

Given the borderless nature of cybercrimes, state police agencies need to be able to pursue offenders without
worrying about jurisdiction. To allow for this, a pan-India cyber-enforcement force must be considered.

Permanent and semi-permanent staff that is technically proficient in cyber operations,

National cyber registry: identification of a talent pool, assist professionals to enhance respective domain
knowledge

Advance technology: Big data analytics, Air gapping, cloud computing techniques.

Need for cyber crime treaty: Budapest convention first international treaty has several lacuna: not prepared by
taking consent of all nation, non EU member can’t modify it, country can refuse to cooperate even after ratifying

Try and replace Tallinn Manuel with a binding treaty on the law of cyber warfare

Encourage and incentivise ethical hacking: highlight loophole in the system

Democratization of internet governance: function of ICANN must pass to UN

Russia has offered quantum cryptography: hack proof communication in areas like banking and national security.

Sum up: secure software, best practices eg firewall, network, legal procedure, threat perception and mapping,
identifying critical infrastructure international coordination and treaty, democratization of governance.

Concern

Protect right to privacy: India’s Central Monitoring System (CMS) gives govt. the absolute power to monitor all
phone and online communication in the country examples: Gujarat snooping

Draft National Encryption policy: world over, administrations have sought weaker encryption standards , backdoor
access to Internet products. Present this as a public safety vs privacy issue.
Lack of national security architecture civilian institutions , armed forces have their own insulated platforms to
counter cyber-attacks. ,national Cyber Security Coordinator in 2014
Cyber crime : computer is a target, accessory, weapon : it can range from downloading illegal music to stealing
million of dollor in bank to non monetary offece eg distributing virus, identity theft via phising

Cyber attack : attack from one computer to another using a network . Denial of service, virus, spyware malware
attack, website defacement

Cyber warfare: action by nation state or international organisation . politically motivated to damange other nation
information system. It is also considered as fifth omain of warfare after land sea air and space