Cyber Security

As the world is increasingly getting interconnected, everyone shares the

responsibility of securing cyberspace. - Newton Lee

Introduction:
With the advent of the Fourth Industrial Revolution, the world is all set to witness increased role
of cyberspace in our day-to-day lives. Cyberspace refers to all IT networks, digital peripherals and all
fix and mobile resources connected through global network- The Internet

This is expected to change the entire global IT landscape in a manner that was imagined never before!
The whole world would literally be operating with the help of networks of millions and millions inter-
connected networks located in various continents and transferring data across the vast oceans and
distantly orbiting satellites in the space. While these technological advancements have certainly
brought in immense benefits at the disposal of the mankind, it has also raised some very serious
concerns regarding cyberspace security and its sustenance.

Cyber-experts, technology enthusiasts, policymakers, political leaders, etc. and people from all other
sectors have been flagging these genuine concerns since a long time. But the ignorance from the
world community coupled with advancements in cyberspace technology by leap and bounds have
only aggravated the situation. In current scenario, cyber threats are not only real but potentially could
be proved even more dangerous than the existing conventional security threats. These grave cyber
security concerns are evidently being used by terrorists and fringe elements to destabilize the world
order, peace, security and world diplomacy.

This has also fuelled the debate over the possible solutions of cyber security threats, control over
cyberspace and the nature of stack-holding in context of its management. Numerous Research and
Developments (R&D) is going on to find sustainable security framework for cyber threats. The world
community has focused attention over this issue and the bilateral and multilateral summits are
increasingly covering this issue with great emphasis. Since the cyberspace does not belong
exclusively to a single country, and it spread through the continents disregarding the territorial
borders, the increasing international co-operation over the issue is certainly a positive development.

Mapping Cyber Security:

As we have discussed earlier that the Cyber security is not a uni-dimensional subject. It is, in fact, as
complex as the nature of cyberspace and therefore, a large number of actors are involved in this.
Though, it may not possible to discuss each and every minor details of the subject, we could map the
topic broadly as following:

Protection of critical information structure: This broadly entails all essential cyberspace
structure that are indispensible to run a modern society s needs such as energy, water,
medical facilities, banking and finance etc. These are very prone to cyber attacks mainly due
to two reasons:
1. Its overwhelming reliability over internet and inter-connected grids in order to
function.
 2. It forms the backbone of a country and more precisely, of an economy.

Due to these two points, these critical information structures always remain extremely
vulnerable to cyber attacks and the governments as well as the private sectors needs to invest
more purposefully in cyber security in order to safeguard these vital interests.

Cybercrimes: This is another major aspect of cyber security. Any criminal activity that
involves internet or computer systems is counted among cyber crimes. With the evolvement
of new cyber technologies, the cyber crimes have also undergone significant evolution. The
traditional cyber space crimes such as Phishing (stealing sensitive information using
cyberspace and cyber technology) are increasingly being replaced by new and innovative
cyber crimes such as Denial of service attacks, pay per click frauds, child pornography,
developing cyber crime tools to facilitate global crimes etc. More worrisome is that in the
light of increasing outreach of internet, the cybercrimes are also spreading in rural areas
where the people due to lack of cyber knowledge are even more vulnerable to cyber attacks.
No country can fight effectively against cybercrimes alone because of its the nature of the
cyber space itself. Cyber crimes are often accomplished through a series of networks
originated in different geographical locations, which make it hard for intelligence agencies to
prevent such attacks. This is where global co-operation comes into play. The international co-
operation could offer many, though not all , to these increasing cyber crimes.

Cyber terrorism: Cyber terrorism is a sub-group of cyber crimes but the only difference
between two is that the Cyber terrorism is not motivated with an aim of personal gain. Unlike
cyber crimes, which may directed against an individual as well as entire country, the cyber
terrorism is always directed against a particular society or a country. Rampant proliferation of
cyber technology and global online connectivity has given a thrust to cyber terrorism resulting
into increased frequent cyber terrorist attacks on critical cyber infrastructure across the world.

Cyber conflicts: One major emerging dimension of cyberspace that is very much relevant to
ongoing talks of co-operation on cyber security is Cyber conflicts. Incidents of cyber
conflicts are visible very much in global media now-a-days but without sound evidences and
concrete citations. This could possibly be a deal breaker of ongoing talks related to
international co-operation on cyber security. Covert and overt conflicting engagements over
cyber space through cyber means have emerged as a major challenge for defence
establishments across the globe to deal with. It has threatened the world peace like no other.
Seeing the past severe geo-political ramifications of these cyber conflicts, it can truly be
termed as potential fourth front of conventional warfare after land, water and sea. We have
seen how disastrous these cyber conflicts could be for global peace and international co-
operation in case of Stuxnet Case when the west sponsored cyber attacks on Iranian nuclear
facilities further derailed the already tough peace talks between Iran and P-5 +1 (USA, UK.
Germany, France, Japan and China)
Challenges in Cyber Security:

Cyber Security: Challenges

Due to constantly evolving nature of modern IT age and other issues involved, cyber security
remains a major concern for security authorities and policymakers in India.

In this modern era, all departments, including administration itself, have gone online
and thereby, involve major cyber concerns. In light of this, securing critical
infrastructures such as air defence system, nuclear establishments, power and
banking operations, telecommunication etc, from cyber attacks has become crucial
to national security.
Despite of being an IT superpower, there is woeful shortage of Cyber experts in the
country. Government and private sector shall not only be needed to employ more
cyber experts but also strengthen skills of existing working cyber professionals as the
emerging new challenges in cyber space are very dynamic per se.
In recent time, there is unprecedented surge in incidents of snooping operations by
US and other nations. This has resulted in compromising critical national information
metadata and privacy of our citizens. Additionally, cyber world is also seeing the
increasing number of proxy-cyber war across the borders. This is perhaps the biggest
potential threat to our national cyber security.
Private participation in cyber security still remains a distant dream for India. Despite
of having a dedicated National Cyber Security Policy, which was envisaged in 2013
and emphasised on Public-Private Partnership (PPP) model, government has not
succeeded to scale up the private participation in Cyber security.
 According to National Crime Record Bureau (NCRB) report-2016, number of cyber
crimes and other online frauds incidents are increasingly going up. Thus, curbing
serious cyber crimes, like credit card frauds, spoofing, online stalking, child-
pornography, etc are vital to socio-economic wellbeing of India.

Other issues:

Lack of Indigenisation: Indias cyber security architecture is overwhelmingly

dependent on other foreign non-state actors for web-security concerns. India
imports large scale of electronics and other web-using gadgets. This has generated
genuine web security concerns.
Weak Global Internet governance: Lack of impartial global Internet governance
remains another major impediment in achieving reliable cyber security environment
within country.
Ineffective Cyber Regulation and poor implementation: Most of social networking
websites have their root servers out of the Indian Territory. This can be resulted into
possible abusing of these critical metadata. In addition, social networking sites are
increasingly playing a significant role in social, political and economic landscapes of
the country; therefore any discrepancies in regulation can be turned into grave
socio-politico turbulence as we are evident of Arab-spring in middle east region.
Lack of Accountability: Many cyber security related projects are managed by Indian
security and intelligence agencies without any parliamentary approval and oversight.
The intelligence infrastructure of India needs transparency and reforms. Without
this cyber immunity cannot be granted to these agencies. India must
also reconcile civil liberties and national security requirements while protecting
Indian cyberspace.
Absence of diplomacy and international co-ordination in Cyber security: India
needs to work at the international diplomacy and cooperation levels as well.
Recently India opposed the idea of including cyber security technologies under the
Wassenaar Arrangement as till date India is not self dependent in this field.
However, once local competence is achieved, such issues would not bother India
anymore.

As with every other technological advancement, the challenges attached with the cyberspace security
is also quite daunting and complex. These significant challenges need focused approach, sustained
efforts, constructive involvement and resource availability to be tackled.

Some of these formidable challenges could be enlisted as following:

Ownership and responsibility: Nations across the world have been investing heavily to
develop critical infrastructure in order to run Information and Communication Technology
(ICT)-based governance framework smoothly. Recently, India itself has launched its
ambitious ICT project Digital India aspiring to connect the entire country through vast
digital network. And not to mention, many more such ICT projects are already unveiled by
 the government and are waiting in queue to be implemented soon. However, the critical
question that remains is about finance. These ambitious projects, of course, require huge
capital investment which public exchequer cannot meet alone. Private investment remains
crucial for these projects to be successful. And on expected lines, the government has devised
policies targeting the private investments. Today, a large section of governments cyberspace
infrastructure owned and run by the private players and here the question of security comes.
Is the security only the private sectors responsibility? Does this mean that the government
role is very confined in security matters? These are some pressing issues that are governments
across the world are grappling with. All these pressing questions need to underscore that the
cyber security is not merely a security issue but a management issue involving multi-sectoral
issues.
Data Security and privacy: As mentioned above, the increased share of cyberspace in our
day-to-day lives has made data security an even more important concern. Today, when our
interaction with the web in any form generates a significant digital footprint, the security of
data and privacy are two most pressing challenges as far as cyber security is concerned. Only
recently, the US surveillance agency, NSA has been globally condemned for its mass
surveillance programs. This has emerged as a significant eye opener for data security and
privacy concerns. Though civil societies along with NGOs are negotiations with various
governments and international watchdogs, yet a consensus is very much warranted at this
crucial juncture of cyber evolution. These unsecured data and unwanted intrusion on our
privacy could create sever social and law and order problems and can even threaten the world
peace
Resource mobilization: Securing web-space requires massive investment in critical ICT
infrastructure. In a time, when the governments have very limited resources to invest in cyber
security, the threats from potential dangers increases manifolds and this also highlights how
critical challenge is the management of resource mobilization. Innovation, technology
breakthrough and financial efficiency are way forwards to tackle this challenge. However,
these could be met only through co-ordinated efforts, collaboration with domestic and
international private sectors, and effective and efficient entrepreneurial management of
available dedicated resources for cyberspace.
Institutional Capacity: Institutional capacity has very strong bearing over overall cyber
security framework. A country must have agile, technologically sound, and unambiguous and
always alert institutional capacity to handle challenges related to cyber security.
International co-operation: One of the biggest developments that has emerged in
contemporary discourse of international co-operation in cyber security is the nature of
governance of cyber space. The world seems to be divided into two major blocs- USA led
first bloc is advocating for keep the nature of cyberspace governance as status-quo, i,e on
existing model of non-governmental organisations- based governance, while the other one is
more inclined towards making cyberspace governance of inter-governmental nature. The rift
has been referred by many as Digital Cold War. However, the efforts are underway to
resolve the deadlock and the success of the talks would be, when the conclusion may arise
within the zone of possible agreement.
Indias preparedness on cyber security:

Getting nerve of the situation, the government of India has quickly focused over devising
comprehensive strategy to deal with the danger of cyber warfare and allied vulnerabilities. It has
placed various defence institutional structures to counter such attacks in its cyber domain.

National Cyber Security Policy, 2013

In 2013, Ministry of Communication and Information Technology of the Government of India had
released the National Cyber Security Policy to protect information, such as personal information,
financial/banking information, sovereign data etc.

The policy seeks to set up different bodies to deal with various levels of threat, along with a
national nodal agency, to coordinate all matters related to cyber security. The government has
also proposed to set up a National Critical Information Protection Centre (NCIIPC), which
will act as a 24*7 centre to ward off cyber security threats in strategic areas such as air
control, nuclear and space.
It will function under the National Technical Research Organization, a technical intelligence
gathering agency controlled directly by the National Security Adviser in the Prime Ministers
Office. The existing agency, Computer Emergency Response Team (CERT) will handle all
public and private infrastructures. As part of the policy, the government has proposed to
create a workforce of around 500,000 trained in cyber security. It also proposes to provide
fiscal benefits to businesses to adopt best security practices.

The salient features of the policy cover the following aspects:

Vision and Mission statement for cyber security ecosystem: A vision and mission
statement aimed at building a secure and resilient cyber space for citizens, businesses and
the Government. Enabling goals aimed at reducing national vulnerability to cyber attacks,
 preventing cyber attacks and cyber crimes, minimizing response and recover time and
effective cyber crime investigation and prosecution.
Framework for securing information in Cyber Space: Focused action at the level of
Government, public-private partnership arrangements, cyber security related technology
actions, protection of critical information infrastructure and national alerts and advice
mechanism, awareness & capacity building and promoting information sharing and
cooperation.
Research & Development in indigenous security technology: Enhancing cooperation
and coordination between all the stakeholder entities within the country. Objectives and
strategies in support of the National cyber security vision and mission.
Framework and initiatives that can be pursued at the Govt. level, sectoral levels as well as
in public private partnership mode. Facilitating monitoring key trends at the national
level such as trends in cyber security compliance, cyber attacks, cyber crime and cyber
infrastructure growth.
Organizations to have customized security system on par with international standards
Creating a work force of 500,000 cyber specialists
1. Creating National Critical Information Infrastructure Protection Centre
2. Stress on PPP mode in order to develop essential infrastructure critical to cyber
warfare tactics.
IT (amendment) Act, 2008
To build capabilities to prevent & respond to cyber financial threats.
Focusing on data privacy & Information security.
Increasing the ambit of crime to effectively safeguard the financial, economic and strategic
interests.
Information Technology (IT) Act, 2000: Issues
Information Technology Act was enacted in 2000 and amended in 2008, is the statutory backbone of
cyber regulation in India. In amended version, it accommodated exhaustively the issues associated
with cyber terrorism and data security. It was criticised by civil societies and several NGOs for
being anti-freedom tool for state and also they are apprehensive about its possible misusages by
government.
However, in particular following two sections of IT Act,2000 are controversial.
Section 69 : It empowers the Central Government/State Government/ its authorized agency to
intercept, monitor or decrypt any information generated, transmitted, received or stored in any
computer resource if it is necessary or expedient so to do in the interest of
1. the sovereignty or integrity of India,
2. defence of India
3. Security of the State
4. friendly relations with foreign States or public order
5. Preventing incitement to the commission of any cognizable offence

Section 66-A: The 66A section of the IT Act, 2000 has been criticized for being repugnant
over the Fundamental Right of Freedom of Expression under Article 19. The Section 66A, which
restricts freedom of speech and expression over internet and other electronic mediums, prima facie,
goes much beyond the restrictions mentioned. For example, it criminalizes sending messages which
"cause annoyance" or "hurt" sentiments or are "knowing wrong" or even "blasphemous"! The irony is
that many of these actions are perfectly valid over other forms of media like print. So while an article
may be entirely legal when a newspaper prints it, if one sends it over internet one can be arrested! One
also wonders how can blasphemy be a crime in a plural and secular country like India. On these
grounds, this section is widely criticized. It has led to numerous abuses reported by the press.
Specialized counter-offensive cyber expert bodies:
National Informatics Centre:
CERT-In:
National Information Security Assurance Program and NTRO :
More recently, Central Monitoring System (CMS):

Do these laws ensure cyber security of our critical infrastructure?

Though positive step ahead, laws are not comprehensive and does not cover wide range of cyber
crimes. Following limitations on part of our institutional cyber defence system are pretty much
apparent:

No mention of cloud computing & social networking sites

No mention of defence fibre optic network an important component
No umbrella regulatory policy or organization to deliver effective framework in India.
CMS and IT acts have been open to constant controversies.

Cyber space does not differentiate between state & non-state actors. So wide consultation &
collaboration is should be the first criteria to devise any comprehensive multi-pronged strategy for
cyber security and cyber defence. Inter-governmental co-operation and discussion platforms like
Indo-US Security forum, etc must be promoted. Proper structure of global internet governance and
consensus among varying nations is need of the hour.