National Cyber Security Forum Urges an Indian PATRIOT Act
The Mumbai terrorist attacks on 26/11 has been
frequently referred to in India as the “9/11 of India”. In terms of the
impact it has created in the country it is definitely a fair comparison.
However, what the Indian population has been wondering
is whether our country can respond to this situation as strongly as US did
after 9/11/2001 as a result of which no terrorist attack has occured in US
since then. The intensity of the feelings prevailing in India has made
every Citizen sit up and ask himself what he can do for the Country to stop
the evil of terrorism.
It is in this context that Cyber Law College, a
dedicated Cyber Law education center in India primarily operating as a
Virtual institution thought it necessary to formulate a response of the
Netizens to terrorism and more particularly to what is often referred to as
“Cyber Terrorism” and arranged a Round Table Discussion on the subject of
“Cyber Terrorism” at Bangalore on 6th December.
A small group of professionals committed to the cause
met and exchanged their views and charted an action plan for further
activities in contributing to the fight against “Cyber Terrorism”.
The Round Table discussed on four sets of issues namely
the legal issues, IT industry issues, the measures which US took after 9/11
and actionable tasks that are required at present.
The group felt that though the proposed amendments to
ITA 2000 is expected to include a section on “Cyber Terrorism”, it would be
grossly insufficient and the Government of India (GOI) should not feel
complacent that “Cyber Terrorism has been tackled”. It highlighted that
apart from having an effective definition, operational issues such as the
“Powers of the police” and “Admissibility of Evidence” needs to be further
amended in favour of the law enforcement for offences classified as “Cyber
Terrorism” as against offences classified as “Cyber Crime”.
Debating on the definition of “Cyber Terrorism” used by
FBI and US National Infrastructure Protection Center, it was felt that both
the definitions make it dependent on “Violence in physical space” and could
be restricted to only those cases in which there is loss of human life or
destruction of physical property. It was felt that these offences are
already covered as “Terrorism” in the normal laws and if the definition of
“Cyber Terrorism” has to make a difference, then it is essential to expand
the definition of “Violence” to include destruction of virtual property
too.
It was also felt that Terrorist support activities on
the Internet such as propaganda, rumour mongering, money laundering etc
also need to be covered. It was also recognized that the US definition
require “political” agenda where as “Religious” agenda of the perpetrators
may not be adequately covered.
It was therefore felt that ITA 2000 should ensure that a
restrictive definition of Cyber Terrorism should not be used.
On the industry front, it was discussed that the IS
efforts presently adopted may not fully take into account the possibility
of cyber terror attacks and the IS practices need to be refined to ensure
that risks arising out of Cyber terror attacks are adequately mitigated.
It was felt that on the lines of the Department of Home
Land Security, India should also set up a national agency to oversee all
activities connected with the fight against Cyber Terrorism.
In particular the need for an “Indian PATRIOT Act”
creating a comprehensive legislative framework was strongly felt necessary
in India. Such an act was felt useful to enable “Counter intelligence
measures” to be put on a proper legislative frame work. It was felt that
individuals who often use their skills to carry out Cyber attacks in
retaliation to web defacements should be put on guard that they may
actually be indulging in “Cyber terrorism” as defined in victim countries.
It was indicated that Pakistan has recently passed a
legislation which provides for life imprisonment and also death penalty
for Cyber Terrorist acts and our technologists need to be restrained from
taking law into their own hands. On the other hand, the group urged that
the GOI should introduce a mechanism by which services of ethical
hackers are used by the Government for counter intelligence and where
necessary counter attacks but under a strict control of a law enforcement
agency.
The group also highlighted the need to bring the
Netizens under the national security framework by creating suitable
security awareness so that the presence of “botnets” are reduced and
security breaches as are common in WiFi networks are reduced
substantially.
In order to follow up on various suggestions made during
the discussion and to extend the reach of the group, it was decided to
formally call the group as the “Indian National Cyber Security Forum” and
reach out to other similar thinking individuals to contribute ideas on how
Netizens can participate in the national cyber security plans.
It was decided to have further meetings both in
Bangalore and other places such as Chennai to take the discussions
forward.It was agreed that the members will take up the recommendations to
other fora and the Government for further processing so that significant
improvements can be brought into the system of Cyber Security in India.
Naavi
[P.S: This is a brief report on the first meeting of the
National Cyber Security Forum held at Bangalore on December 6, 2008, an
initiative of the Naavi’s Cyber Law College]
