Let's Build a Responsible Cyber Society

Visit
www.ceac.in


Visit
www.arbitration.in

 

Threats to Cyber Security

Vision-2009

Naavi

[Gist of Speech delivered by Naavi on 29th Nov 2008 at the International Conference on Cyber Security organized by Indian Academy of Law and World Council for Corporate Governance]

National Security has been a matter of concern for all patriotic citizens of India. Today we see threat to this national security from many sides. The most visible of them is the Terrorism in the Physical Space. The country has been trying to find a solution to the threat of terrorism but has not been able to make as much progress as one could wish.

However, it is necessary for us to recognize that one or some of the keys to national security against terrorism may perhaps be fond in the Cyber Space.

Cyber Space hosts significant parts of our economy and any threat to Cyber space security is therefore a threat to our economy.

Cyber Space also is a gateway to many of our critical assets both financial and infrastructural. It is also a major communication channel. Cyber wars are launched to destabilize the country and to secure advantages during a conventional war.

Cyber Space security is therefore a part of the National Security. If we are weak in Cyber Security, we cannot be strong in physical security.

Cyber Security has many dimensions. One of the dimensions is having the required technical expertise. Another dimension is to have an effective legal regime. Third dimension is to have an effective security infrastructure that can use the technology and the law towards achieving the objective of securing the information assets of the country.

 While discussing the role of laws in cyber space, there are two main objectives. Firstly the laws should be drafted in such a manner that they  

 

Ø      do not provide loopholes for criminals to escape

Ø      do not make it difficult for Police to investigate and

Ø      provide power with discretion to judiciary to impose appropriate punishments…

 

Additionally, framing of a good law also requires promotion of “Security Culture” in the community

 

Ø      By providing appropriate guidance to the society

Ø      By providing solutions for security

Ø      By making compliance mandatory

 The Indian scenario is on Cyber Laws is that we have the Information Technology Act 2000 (ITA 2000) which provides

 

Ø      3 years imprisonment (+Rs 2 lakhs fine) for “diminishing the value of information or utility”

Ø      10 years for attempting to access a protected system

Ø      Rs 1 crore compensation for any loss arising out of unauthorized access

Ø      Makes Intermediaries and Companies responsible for practicing “Due Diligence”

ITA 2000 may not be as stringent as in some other countries where cyber terrorism may be punishable with life imprisonment but may be considered reasonable.

 In fact the current version of ITA 2000 must be considered more than reasonable when we consider what may be in store when it is amended with ITAA 2006

 

Ø      Punishment for most of the offences to be reduced to 2 years

Ø      Preconditions  imposed for some sections

Ø      Dishonesty, Fraud and malicious intention for Sec 66

Ø      Conspiracy and abetment for Sec 79

 

Also, a Personal Data Protection Act is under anvil both through some of the amendments proposed in ITAA 2006 through  Sec 43 A and Sec 72 A as well as the proposed new law called personal Data Protection Act 2006.

 

Ø      43 A providing compensation of Rs 5 crore

Ø      72A providing imprisonment of 2 years and Rs 5 lakh fine for negligent or intentional disclosure of private information

Ø      PDPA 2006 providing 3 years imprisonment, Rs 5 lakh fine and compensation for the victim

 

However, what is also required is promotion of a Compliance Culture in our society like what HIPAA tries to achieve.

 Such a Compliance culture needs to be promoted through  

Ø      Security Education

Ø      Security accountability

Ø      Security Practices

Ø      Security audit and certification

 In addition, we may need appropriate security standards to be developed for different types of industries.

Ø      Like LIPS1008 developed by Cyber Law College for Legal Information Protection in LPOs in India

Ø      IFIPS-Standards for Financial Services, Small Banks, Stock broking firms, Insurance..under development

 We also require new approaches to cyber security such as development of  an effective Cyber Crime Insurance system as a financial incentive for initiating best security practices.

 We also require Law Compliance software/Services to facilitate compliance

 As a final but important step we need an integrated National Cyber Security Infrastructure that can be an umbrella organization coordinating cyber security efforts against

 

Ø      Cyber Wars against Indian Cyber assets

Ø      Cyber terrorist attacks

Ø      Cyber Crimes

Ø      Data security breaches

 Some of the Challenges we need to foresee in this effort are managing

 Ø      Coordination of Police in different States

Ø      Cooperation of ISPs in India and abroad

Ø      Cooperation between private sector and Police

Ø      Cooperation from all IT Users-

Ø      E-Commerce, E-Governance and Individuals

Need of the Hour is therefore  an “Indian National Cyber Security Force” which can achieve a sustainable bondage between naturally repelling entities to bring about a synergy in their operation, a strategy to make this happen in a predefined time frame perhaps a Vision 2009.  

Na.Vijayashankar

November 29 2008

Related Article:

Digital Society Day 2008

Cyber Threat Report 2009

Kudos to the Parliamentary Committee

Recipe for Killing Journalistic Ethics

Why Times of India is Wrong

Please do not try to manipulate public opinion with planted stories

 

 

Visit
www.Naavi.net

Visit
www.lookalikes.in