.

Monday, March 4, 2019

Cyber Security India Essay

After China and the U.S., India has the highest exit of network users. There atomic number 18 as come up as an estimated oer 381 gazillion unsettled ph adept subscriptions with network connectivity. In the list of online infection risk India ranks 9th and in personal computer across the globe, India ranks 7th. A recent survey by McAfee named India neighboring to Brazil, Romania and Mexico the least able to def balance against cyber attacks. Cyber tri unlesse terrors and hacking attempts in India rosebush to 22,060 in 2012 from 23 in 2004 What it meansCyber terrorism is the convergence of terrorism and cyberspace. It is gener every(a)y understood to mean unlawful attacks and threats of attacks against computers, networks, and the reading stored in that locationin when by means of with(p) to intimidate or coerce a authorities or its concourse in gain groundance of political or br polarly objectives. Cyber ThreatsCyber threats can be disaggregated, ground on the pe rpetrators and their motives, into four baskets cyber espionage, cyber contendf are, cyberterrorism, and cyber crime. Cyber Warfare attacking the learning systems of an new(prenominal)(prenominal) countries for espionage and for disrupting their lively groundwork.Why Cyber pledge is consideredThird most inhabited country afterward China and India is non whatever geographical entity scarce a practical(prenominal) affirm c in alled facebook The same computing DNA that produced the communication theory revolution has in like manner shitd acute vulnerabilities and attractive terror targets for societies that depend on cyberspace for discipline surety and scotch survival. The scraming dependency on the randomness engineering (IT) makes cyber certification system a vital component of the Indias theme guarantor infrastructure. Lately, entropy collection, growthing, storage, transmission capabilities, mobile, wireless, and cloud computing are change magnitude in huge numbers and make cyber attacks easily to occur. Considered the newest domain in modern warfare, cyberspace has now joined the ranks of traditional bailiwicks assessed by militaries all over the world. And this is exactly how cyberspace should be assessed, since an effective terrorist attack against a areas power grid,for example, could issuance in massive sack of life, crippling damage to infrastructure and a blow to the economy that could way kayoed years to repair. Stuxnet has carried out what in the past could only be unadulterated by directly bombing a countrys infrastructure or sending in human agents to plant explosives. It can yarn-dye root words identical banking system, air traffic control, power infrastructure and gas pipelines. goal now can by submit the army campaign and attack via cyber-brute-force suppressing a countrys military control systems, navigation, communication system, shutting work through or paralysing vituperative infrastructure and affecting the countrys economy, cyber-weapons linking atomic weapons Most common usage of Internet is by designing and uploading websites on which false propaganda can be pasted. This sleep withs under the category of using engine room for psychological warfare. The web can promote and reenforcement acts of terrorism by means of propaganda, promotion, instructional dissemination and execution, financing, training, recruiting and can as healthful as facilitate specialised attacks. Non- nominate actors buzz off the technology to create cyber attacks or endanger the cyber environment of the spherical socio-political system. The 2011, Arab Spring revolution in Tunisia, Egypt, and Libya was successful to use cyberspace to pass its message. Threats abound cyber crime, cyber espionage, cyber war and cyber terrorism, all represent genuine risks to nations, firms and item-by-items around the world. Experts reckoned it is a matter of time before cyberspace suits an independent the atre of war. With the rapid march of technology, such attacks forget only receive to a greater extent widespread as the use of Internet for manipulating things increases. We contribute now entered into a new phase of conflict in which cyber weapons can be utilize to create physical destruction in someone elses critical infrastructure. And at that place is a distinct possibility that the disruptions and dislocations it springs are permanent and severe.E.gThe attack virus (which has been circulating for much than five years and has yet to be claimed by an avower, although speculation centres around Israel) has turned the computer into the ultimate spy, collection data files, turning on PC microphones to record nearby conversations, enter instant messaging chats, fetching screen shots and steady remotely ever-changing settings on early(a) computers. muchover, hacker groups, such as Anonymous and Lulz Security (Lulz Sec), accept executed distributed denial of service (D DOS). Under that process, they were successful to deflower websites to versatile regimenal and corporate interests. They hacked NASDAQ and Inter field Momentary Fund (IMF). Internets capabilities dictate the rules of engagement in cyberspace to initiate on-ground battles and at the same time create a fertile ground for new, aspire jihadist. In the recent past, the case of Stuxnet virus which attacked centrifuges. While the targeted victim was the Natanz nuclear site in Iran, opposite organisations across the world, including in India, operating with the siemens system suffered from collateral damage from the attack. Since 2000-01, at that place have been regular reports of Pakistani cyber execrables defacing Indian websites and writing derogatory messages against India. On the other hand, China has aim a formidable adversary in cyber space. Recent cases of Chinese hacking into umpteen Indian governing body establishment computers and even the extremely secure national b ail domains provide enough evidence of its capability in waging cyber warfare. Since 2003, the races Liberation Army has trained more than 30,000 cyber warriors and a nonher 150,000 in the orphic orbit. According to several reports available in the state-supported domain, the Chinese goal is to build the worlds best infoised armed forces. brisk Counter Cyber Security Initiatives.Indian Computer Emergency retort team (Cert-In).Cert-In is the most distinguished constituent of Indias cyber community. Its mandate states, ensure warranter of cyber space in the country by enhancing the tribute communications and data infrastructure, through proactive execute and effective collaboration aimed at cheerion incident prevention and response and auspices assurance. guinea pig teaching Security Assurance Programme (NISAP).(a) regime and critical infrastructures should have a guarantor insurance and create a point of contact. (b) Mandatory for organizations to carry through ce rtification control and report any security incident to Cert-In. (c) Cert-Into create a panel of auditor for IT security.(d) All organizations to be subject to a third ingredienty audit from this panel once a year. (e) Cert-In to be reported more or less security compliance on periodic innovation by the organizations.Indo-US Cyber Security Forum (IUSCSF).Under this forum (set up in 2001) high power delegations from both side met and several initiatives were announced for increase bilateral co functioning to control cyber crime surrounded by the two countries.To mitigate supply-chain risks emanating from telecom equipment manu concomitantured by companies belonging to China, the telecom and home affairs ministry have issued guidelines mandating service provides to secure their networks and induct equipment that has been tested as per planetaryistic standards.CCTNS taking help of ISRO for making couch fully indigenous Warned by erudition operation agencies that using a for eign satellite in the proposed nationwide plague and Criminal Tracking Network and governances (CCTNS) could make critical databases vulnerable to eavesdropping by other countries, the Union Home Ministry has decided to seize the help of the Indian Space look for Organisation (ISRO) to make the project fully indigenous. Since the intelligence agencies raised objections to the proposed use of the IPSTAR satellite managed by Thaicomm in the project, the BSNL diverted to this project some 400 VSATs that it had for other services.Fact Box content Cyber Coordination meat (NCCC)Indian government activity allow for establish its confess multi- berth organic structure National Cyber Coordination means (NCCC) that would carry out real-time estimation of cyber security threats and put up back actionable reports/alerts for proactive actions by law enforcement agencies. NCCC , to be set up at a cost of Rs snow0 crore, would be a multi- force body under Department of Electronics and IT. It result function in sync with other government agencies. These agencies include National Security Council Secretariat (NSCS)Intelligence federal histrionics (IB)Re count and Analysis Wing (RAW)Indian Computer Emergency Response Team (CERT-In)National Technical Research Organisation (NTRO)Defence Research and Development Organisation (DRDO)DIARA (Defence Information Assurance and Research Agency) Army, Navy, Air persuasivenessDepartment of TelecommunicationsWhat leave behind be its functions?It will be Indias introductory layer for cyber threat monitoring and all communication with government and private service providers would be through this body only. The NCCC would be in virtual contact with the control room of all Internet Service Providers to inspect traffic within the country, flowing at the point of entry and exit, including international gateway. Apart from monitoring the Internet, the NCCC would look into various threats posed by cyber attacks. The agenc y will provide law enforcement agencies direct admission fee to all Internet accounts, be it e-mails, blogs or sociable networking data.DRDO doesnt uses any US based company services in its organization.ChallengesIn India, we shoot to create an environment within which security is built into our cyber and communications working methods. While it is the government that correctly takes a lead in evolving a coherent movie of what constitutes vulnerability in our cyber domain and a strategy on how to takings attacks, the private sector ineluctably to recognise the real threat it faces. And this is not a future threat or a prospective threat that we need to prepare ourselves against this is an ongoing, current threat.Cyber threat will continue to grow overdue to the fast evolution and development of internet and related technologies. At the spherical level, nations are stepping up their cyber defence efforts. The U.S. was one of the first countries that considered this to be a str ategic problem in 2006, both in legal injury of nationalsecurity and their future economic substantiallyorganism.The major concern when transaction with Cyber threats is ubiquity and anonymity. What other international medium is highly accessible, far-reaching, ridiculously inexpensive, whereby information is transferred at the speed of light, the attacker invisible and untraceable? Un exchangeable a missile trajectory, IP (Internet Protocol) pathways can be masked and the locations appear opaque. Implicating a source and assigning blame to the attack progenitor is naturally difficult. the extreme difficulty of producing timely actionable warning of potential cyber attacks the extreme multiform vulnerability associated with the IT supply chain for various Indias networks Indias begin to cyber security has so far been ad hoc and piecemeal. A number of organisations have been created but their precise roles have not been defined nor synergy has been created among them. overlook of awareness and the culture of cyber security at individual as well as institutional level. Lack of trained and qualified manpower to lend oneself the tax return measures. Too many information security organisations which have be stimulate washed-out due to turf wars or financial compulsions. A light(a) IT Act which has became redundant due to non exploitation and age old cyber laws. No e-mail account constitution especially for the defence forces, police and the agency personnel. Cyber attacks have come not only from terrorists but also from dwell countries inimical to our National interests.Recommendations.International Co-operationAcknowledging that better indigenous snooping capabilities may not be enough to protect Indias cyber security, National Security adviser Shivshankar Menon has advocated formulating a set of standard operating procedures (SOPs) ground rules for cooperation which would help India accompany in obtaining Internet information from major powers that control much of cyber space. presumption the cyber reality, sensible powers should work towards a globally acceptable cyber regime to bring in a set of rules, build transparency and reduce vulnerabilities. Agreements relating to cyber security should be given the same importance as other unoriginalagreements. The government should also consider joining the European Convention on Cyber crime. A 247 nodal point for international cooperation with cyber authorities of other countries should be set up. Critical InfrastructureCyber security should be obligatory in computer science curriculum and even separate programmes on cyber security should be contemplated. Government should initiate a special drive of implementing practices in the critical infrastructure sectors and provide needful budgetary support for such implementation. Government should establish a mechanism for measuring prep of critical sectors such as security index, which captures preparedness of the sector and as signs grade to it.Government should incorporate IT Supply Chain Security as an important element of e-security plan to address security issues. Government should promote R&D in private industry through active government support for industry-led research projects in the areas of security. Establish enabling mechanisms to facilitate this. focus should be placed on developing and implementing standards and best practices in government functioning as well as in the private sector. Cyber security audits should be made compulsory for networked organisations. Capacity building in the area of cyber crime and cyber forensics in terms of infrastructure, expertise and availability of HR and cooperation between industry, LEAs and judiciary. Cyber security education, R&D and training will be an implicit in(p) part of the national cyber security strategy. PPP model should be explored for taking security to the regions and industry sectors. Strengthening telecom security one of the refer pill ars of cyber security, especially through development of standards and establishment of testing labs for telecom infrastructure(equipment, hardware). More investment in this field in terms of finance and manpower. The shock absorber of the emergence of new social networking media, and convergence of technologies on society including business, economy,national security should be studied with the help of relevant experts,LegalProcedural laws need to be in place to achieve cooperation and coordinationof international organisations and governments to investigate and enlist cyber criminals. Government must put in place necessary amendments in vivacious laws or enact a new legislation like a Data Protection/Privacy Act so as to safeguard against the misuse of personal information by various government agencies and protect individual privacy. Need for trained and qualified experts to deal with the highly specialised field of cyber security and laws related to it. Govt MachineryMake it a mandate requirement for all government organisations and private enterprises to have a designated school principal Information Security Officer (CISO) who would be responsible for cyber security. Establishment of a cyber range to test cyber readiness. More powers to sectoral CERTs.Establish an online mechanism for cyber crime-related complaints to be recorded. constitutionmakers need to recognise this and put in place structures that allow the sharing of cyber security information through both formal and informal cyber exchanges. That requires a fast, matching action between government agencies and the private sector. Indian agencies working after cyber security should also keep a close vigil on the developments in the IT sector of our potential adversaries. Joint efforts by all Government agencies including defence forces to attract qualified skilled personnel for implementation of counter measures.AwarenessNeed to sensitize the common citizens virtually the dangers of cyber terrorism. Cert-in should engage academic institutions and abide by an aggressive strategy.ConclusionDefining how we deal with Cyber threats and attacks internationally is authoritative to peace and security. If Cyber weapons are treated with indifference in comparison to other weapons then it can open the doors tomultifaceted retaliation if a nation is provoked Enforcing the right policies to amalgamate security of governments and law-abiding citizens is critical. The safety of individuals outweighs technical piracy. Sophism and intellectual rhetoric redirects focus on eliminating irrefutable threats like violence and terrorism. Instead, diluted versions of policies are implemented and lives are put at risk. . India must take an early lead in creating a fabric where the government, the national security experts and the industry catering to strategic sectors of economy, can come together, to pursue the goal of cyber security in the larger national cause Need to prepare cyber for ces .The United States was the first country to formally guard this as the fifth domain warfare after land, sea, air and space. It has also formally classified the use of cyberspace as a force, a euphemism for offensive capability. The Chinese adopted the concept of informationalisation in the mid-1990s and have relentlessly built up structures and operations in this domain.Cyber Security plightJohn Herz, an American scholar of international relations and law is assign for coining the term security dilemma. The dilemma expresses how both the strong and weak states can upset the balance of power that could eventually bring to pass a catalyst for war. The security dilemma could arise from the states accumulation of power due to fear and uncertainty intimately other states intentions. Post-9/11, straight US memorial tablets have mostly attempted to handle global upset by accumulating more power. Not surprisingly, since 2007, the US has been collecting and analysing substantia l amount of data available in the cyber space. Cyber security dilemma of the US was recently opened by the US whistle-blower Edward Snowden, giving inside information about the US National Security Agencys polemical Prism programme. The US, clearly has been monitoring the global e-traffic covertly and in the process checking on cyber activities on Google, You Tube, Skype, Facebook, etc. This has resulted in a huge amount of metadata (a data about data). US administration has been spoofing on the rest of the world. In the 21st century, with the number of computerand internet users is increasing significantly, the cyber environment has close to become fundamental to a nations existence. oer the years Information and Communication Technologies (ICT) have become central to various sectors from social, economic, political to defence. The fillip side to it is that various unauthorised, illegal, criminal, anti-national and terrorist activities have also become rampant. Astonishing a s it may sound, but the third most inhabited country after China and India is not any geographical entity but a virtual state called facebook The human rights activists and states who are under the US surveillance consider it an anti-democratic act that undermines the well-bred liberties and individual privacy. The absence of a globally accepted cyber regime and legal structure adds further to the commotion. The prodigal dependence on cyber tools has given rise to various vulnerabilities. Recently the US National Security Agency chief Gen Keith Alexander, who also heads the US militarys Cyber Command, has expressed concerns and is of the opinion that on a scale of 1 to 10, the US critical infrastructures preparedness to withstand a destructive cyber attack is about 3, this in spite the US having establish a major defence infrastructure to defend against foreign hackers and spies. This assessment would push the US to strengthen its defences further. However, since the nature of the threat is extremely self-propelling it may not be possible to build any foolproof defensive mechanism. Any cyber architecture can be viewed as a doubled edged sword either ignore it and be exposed or use it to ones advantage. Cyber espionage is here to stay. Today, the US is direct because of its technological superiority and ability to manage the ICT industry and prevent fewer acts of terrorism from demonstrablely happening. More importantly, the data gathitherd would have proceeds in other fields too.ConclusionSnowden has clearly exposed the US but it is hard to imagine that the US would halt its cyber activities. As a leading power, the US is accustomed to international criticism, lawsuits and questioning and at the end of the day cyber spying and spoofing actually strengthens their intelligence gathering capability. It is important to quality that cyber expertise offers significant amount of asymmetric advantage to the user. In the future, it isnot only the US but ma ny other states that are also likely to use this method (mostly covertly). States would support a cyber regime essentially because intelligence collection is not the sole purpose for possessing cyber assets. ITC also leads to authorization and its importance for socioeconomic development s undisputed. In general, the norms of privacy in a cyber-era world would remain a constant subject of overturn since the nature of technology presents a challenging task to catch the actual offender. Technologically superior power would always have an advantage. The time has come to recognize that in the future we would always be watched and mostly against our own wishesIndia-US collaboration in Cyber SecurityIndian officials and security officers would soon be visiting the U.S. for training in an array of courses from cyber security, megacity policing and forensics, to critical infrastructure safeguard, financial terrorism and anti-terrorism intelligence. The list of training programmes inclu de Land Transportation Anti-terrorism Weapons of destiny Destruction Seaport Security International Border Interdiction preparedness and International Sea Interdiction Training to check smuggling and trafficking discussion of equipment for screening men against radiological, chemical and explosive materials and Handling of intrusive sensing at airports and seaports.With the growing population in cities and increasing threat perception, the U.S. has also offered India to help develop the concept of megacity policing, a step it has been promoting since the 9/11 attacks.An advance course in surveillance, control room design and its operation by various security agencies and police authorities are call elements of this concept.Balancing vigilance and privacyAs the government steps up its surveillance capabilities, the entire social contract between the state and citizens is being reformulated, with worrying consequencesThe Indian state is arming itself with both technological capa bilities and the institutional textile to track the lives of citizens in an unprecedented manner.A new change supervise System (CMS) is in the offing, which would build on the already existing mechanisms. As The Hindu reported on June 21, this would allow the government to access in real-time any mobile and fixed line conversation, SMS, fax, website visit, social media usage, Internet search and email, and will have unmatched capabilities of deep search surveillance and monitoring.Civil society groups and citizens expressed concern about the governments actions, plans, and intent at a discussion set up by the Foundation for Media Professionals, on Saturday.The contextUsha Ramanathan, a widely respected legal scholar, pointed to the larger political context which had permitted this form of surveillance. It stemmed, she argued, from a mistaking of the notion of sovereignty. It is not the government, but the people who are sovereign. Laws and the Constitution are about limiting th e power of the state, but while people were being subjected to these restrictions, the government itself had found ways to remain above it either by not having laws, or having ineffective regulators. States knew the kind of power they exercised over citizens, with the result that impunity had grown.There is also a complete breakdown of the criminal justice system, Ms Ramanathan said. This had resulted in a reliance on extra-judicial methods of investigation, and scape-goating had become the norm. National security had been emphasised, re-emphasised, and projected as the central goal. We havent pause to ask what this means, and the extent to which we have been asked to give up personal security for the sake of national security. It was in this backdrop that technology had advanced by leaps, and made extensive surveillance possible.The implications are enormous. The data is often used for purposes it is not meant for, including political vendetta, keeping track of rivals, corporates, and digging out facts about a citizen when he may have antagonised those in power.Pranesh Prakash, director of the Centre of Internet and Society (CIS) looked back at the killing of Haren Pandya, the senior Bharatiya Janata troupe (BJP) leader in Gujarat. Mr Pandya was using the SIM card of a friend, and it was by tracking the SIM, and through it his location, that the Gujarat government got to know that Mr Pandya had deposed before a commission and indicted the administration for its role in the riots. Eventually, he was found murdered outside a park in Ahmedabad. The Gujarat Police had accessed call details of 90,000 phones.It is also not clear whether mining this kind of data has been effective for the national security purposes, which provide the reason for doing it in the first place. Saikat Datta, resident editor of day-after-day News and Analysis, and an expert on Indias intelligence apparatus, said a core problem was the absence of any auditing and over sight. There need s to be a constant review of the number of calls, emails under surveillance, with questions about whether it is yielding results. unless this does not happen, probably because a majority is not for counter-terrorism. There would be trouble if you build accountability mechanisms. When he desire information under RTI around precisely such issues, he was denied information on the grounds that it would strengthen enemies of the state.Anja Kovacs, who works with the Internet nation Project, said this form of mass surveillance criminalised everybody since it was based on the guess that each citizen was a potential criminal. She also pointed out that having more information did not necessarily mean it was easier to address security threats there was intelligence preceding the Mumbai attacks, but it was not acted upon. She added, Most incidents have been adjudicate by traditional intelligence. Investing in agencies, training them better could be more effective.Bring in the caveatsFew argue that the state is not entitled to exercise surveillance at all. In fact, a social contract underpins democratic states. Citizens agree to subject some of their rights to restrictions, and vest the state with the monopoly over instruments and use of violence. In turn, the state acting within a set of legal principles being accountable to citizens and renewing its popular genuineness through different measures, including elections provides order and performs a range of developmental functions.This framework, citizens and civil liberty groups worry, is under threat with governments appropriating and usurping authority to conduct unprecedented surveillance. Citizen groups, technology and privacy experts came together globally to draft the International Principles on the practise of Human Rights to Communication Surveillance.It prescribed that any restriction to privacy through surveillance must be legal it must be for a legitimate aim it must be strictly and demonstrably neces sary it must be preceded by showing to an established authority that other less invasive investigative techniques have been used it must follow due process decisions must be taken by a competent judicial authority there must be open oversight mechanisms and integrity of communications and systems should be maintained. (Full text available on www.necessaryandproportionate.org)Mr Prakash of CIS, which has done extensive work on surveillance and privacy issues, said, An surplus principle must be collection limitation or data minimisation. Giving the instance of Indian Railways seeking the date of birth from a customer booking a ticket, Mr Prakash said this was not information which was necessary. But it could be used by hackers and many other agencies to access an individuals private transactions in other areas. The UPA government is finalising a privacy Bill, but its final version is not yet public, and it is not clear how far the government would go in protecting citizen rights.Nat ional cyber security Policy 2013National Cyber Security Policy 2013This polity aims at facilitating invention of secure computing environment and enabling adequate aver and confidence in electronic transactions and also guiding stakeholders actions for protection of cyber space. The National Cyber Security Policy document outlines a road-map to create a framework for comprehensive, collaborative and collective response to deal with the issue of cyber security at all levels within the country. The polity recognises the need for objectives and strategies that need to be adopted both at the national level as well as international level. The objectives and strategies outlined in the National Cyber Security Policy together serve as a means toi. Articulate our concerns, understanding, priorities for action as well as directed efforts. ii. Provide confidence and mediocre assurance to all stakeholders in the country (Government, business, industry and general public) and global communi ty, about the safety, resiliency and security of cyber space. iii. Adopt a suitable bear that can signal our resolve to make discouragemined efforts to effectively monitor, deter & deal with cyber crime and cyber attacks.Salient features of the form _or_ system of governmentThe Policy outlines the roadmap for creation of a framework for comprehensive, collaborative and collective responsibility to deal with cyber security issues of the country. The constitution has ambitious plans for rapid social transformation and inclusive growth and Indias prominent role in the IT global market. The policy lays out 14 objectives which include creation of a 5,00,000-strong professional, skilled workforce over the next five years through capacity building, skill development and training. The policy plans to create national and sectoral level 247 mechanisms forobtaining strategic information regarding threats to ICT infrastructure, creating scenarios for response, resolution and crisis manageme nt through effective, predictive, preventive, proactive response and recovery actions. The policy will also establish a mechanism for sharing information as well as identifying and responding to cyber security incidents and for cooperation in restoration efforts. The policy identifies eight different strategies for creating a secure cyber eco-system including the need for creating an assurance framework apart from encouraging open standards to facilitate inter-operability and data exchange amongst different products or services. There is in place a plan to lick and strengthen the national Computer Emergency Response Team (CERT-In) to sour 247 and to act as a nodal agency for all efforts for cyber security, emergency response and crisis management, as an umbrella agency over CERTs. It is anticipate that he policy will cater to the cyber security requirements of government and non-government entities at the national and international levels. The policy will help in safeguarding the critical infrastructure like Air Defence system, nuclear plants, banking system, power infrastructure, telecom system and many more to secure countrys economic stability.National Nodal AgencyThe National Cyber Security Policy, in order to create a secure cyber ecosystem, has planned to set-up a National Nodal Agency. The nodal agency will be coordinating all matters related to cyber security in the country. The nodal agency has a wide mandate as it will cover and machinate security for all strategic, military, government and business assets. This is distinctive, since, so far, national security regimes have been divided among the Ministry of Defence (for securing Indias borders) and the Ministry of Home Affairs (for national and internal security across States).Public-private partnership to protect national assets other defining aspect of the policy is the level at which it envisages public-private partnership to protect national assets. There is a clear recognition in the policy that, apart from Indias IT, technology and telecommunications services, large parts of financial & banking services,airline & transportation services, energy and healthcare assets are not only possess by the private sector but, in fact, remain vulnerable to cyber-attacks, both from state and non-state actors.Protection centreA crucial aspect of the policy is building resilience around the Critical Information Infrastructure (CII) by operationalising a 247 Nation Critical Information Infrastructure Protection Centre (NCIIPC). The Critical Information Infrastructure will catch up with all interconnected and interdependent networks, across government and private sector. The NCIIPC will mandate a security audit of CII apart from the certification of all security roles of chief security officers and others involved in operationalising the CII.OperationalisationThe policy will be operationalised by way of guidelines and Plans of Action, notified at national, sectoral, and other levels. While there is a recognition of the importance of bilateral and multilateral relationships, the policy does not clearly identify Indias position vis--vis the capital of Hungary Convention even though government delegations have attended meetings in London and Budapest on related issues in 2012.Why does India need a cyber security policy?Cyber security is critical for economic security and any disaster to ensure cyber security will lead to economic destabilisation. India already has 800 million active mobile subscribers and 160 million other Internet users of which nigh half are on social media. India targets 600 million broadband connections and 100% teledensity by 2020. Internet traffic in India will grow nine-fold by 2015 topping out at 13.2 exabytes in 2015, up from 1.6 exabytes in 2010. The ICT sector has grown at an annual compounded rate of 33% over the last decade and the contribution of IT and ITES industry to GDP increased from 5.2% in 2006-7 to 6.4% in 2010-11, accordin g to an IDSA task force report of 2012. Given the fact that a nations cyber ecosystem is constantly under attack from state and non-stateactors both. It becomes extremely critical for India to come up a coherent cyber security policy. One of the key objectives for the government is also to secure e-governance services where it is already implementing several nationwide plans including the e-Bharat project, a World Bank-funded project of Rs. 700 crore.CriticismThe throw in of the National Cyber Security Policy 2013 is an important step towards securing the cyber space of our country. However, there are certain areas which need further deliberations for its actual implementation. The provisions to take care security risks emanating due to use of new technologies e.g. Cloud Computing, has not been addressed. Another area which is left untouched by this policy is tackling the risks arising due to increased use of social networking sites by criminals and anti-national elements. There is also a need to incorporate cyber crime tracking, cyber forensic capacity building and creation of a platform for sharing and analysis of information between public and private sectors on continuous basis.Creating a workforce of 500,000 professionals needs further deliberations as to whether this workforce will be trained to simply monitor the cyberspace or trained to acquire offensive as well as defensive cyber security skill sets. Indigenous development of cyber security solutions as enumerated in the policy is laudable but these solutions may not completely tide over the supply chain risks and would also require building testing infrastructure and facilities of global standards for evaluation.Indian Armed forces are in the process of establishing a cyber command as a part of strengthening the cyber security of defence network and installations. Creation of cyber command will entail a parallel hierarchical structure and being one of the most important stakeholders, it will be prud ent to address the jurisdiction issues right at the beginning of policy implementation. The global debate on national security versus right to privacy and civil liberties is going on for long. Although, one of the objectives of this policy aims at safeguarding privacy of citizen datahowever, no circumstantial strategy has been outlined to achieve this objective.The key to success of this policy lies in its effective implementation. The much talked about public-private partnership in this policy, if implemented in true spirit, will go a long way in creating solutions to the ever-changing threat landscape.Central Monitoring System (CMS) project warrantIndian governments own Central Monitoring System (CMS) project. roughly 160 million users are already being subjected to large surveillance and monitoring, much of which is in violation of the governments own rules and notifications for ensuring privacy of communications. While the CMS is in early stages of launch, investigation sh ows that there already exists without much public knowledge Lawful Intercept and Monitoring (LIM) systems, which have been positioned by the Centre for Development of Telematics (C-DoT) for monitoring Internet traffic, emails, web-browsing, Skype and any other Internet activity of Indian users. While mobile operators deploy their own LIM system, allowing interception of calls by the government, only after checking due authorisation in compliance with Section 5(2) of the Indian Telegraph Act read with prescript 419(A) of the IT Rules In the case of the Internet traffic, the LIM is deployed by the government at the international gateways of a handful of large ISPs. The functioning of these secretive surveillance systems is out of reach of these ISPs, under lock and key and complete control of the government.

No comments:

Post a Comment