Friday, December 21, 2012

National Cyber Security Policy Of India

The recent cyber attacks upon India have proved once again that we need to pay more attention to cyber security in India. Cyber security in India is required not only to protect sensitive information stored in the computers of strategic Indian departments and ministries but also to safeguard the present and future critical infrastructure of India.

Not only is critical infrastructure protection needed in India, but critical ICT infrastructure protection in India (CIIP in India) is also the need of the hour. CIIP in India is an area that requires the urgent attention of our policy makers. We must formulate a critical ICT infrastructure protection policy of India as soon as possible.

Similarly, cyberspace crisis management plan of India is also required to be formulated. We must formulate a national ICT crisis management plan of India. Further, Indian crisis management plan against cyber attacks and cyber terrorism must also be formulated.

All these, and many more, aspects must be made a part of the cyber security policy of India. A national cyber security policy of India must be formulated in this regard that is made implementable after a reasonable period. Issues like cyber warfare, cyber terrorism, cyber espionage, international cyber security cooperation, etc must be part of the same.

We need a clear and implementable cyber security strategy of India. The cyber security policy and strategy of India must be techno legal in nature that can take care of both technical and legal aspects of cyber security.

There is no second opinion that national security policy of India is required and cyber security is an essential and indispensable part of the same. The sooner we formulate and adopt the same the better it would be for the larger interests of India.

Source: ICTPS Blog.

Cyber Security Policy Of India

Cyber security in India has not received the attention of Indian policy makers. As a result India has witnessed many sophisticated cyber security attacks against its computer systems operating at crucial departments and places from time to time. Even the terrorists are using technology to further their nefarious objectives in India. The problem is that Indian government, like any other government, is not capable of tackling cyber security issues single handedly. It needs private sector support to achieve this task.

According to Praveen Dalal, Managing Partner of the exclusive techno-legal cyber security research and training centre of India (CSRTCI), cyber security in India needs an urgent rejuvenation. He informs that till now Indian government has not thought it fit to consider cyber security as a part of National Policy.

It is obvious that India is finding it difficult to gather necessary cyber security expertise and this is resulting in a weak cyber security. Fortunately, private initiatives like CSRTCI are bridging the much needed gap of cyber security in India. The centre is providing techno-legal solutions for areas like cyber law, cyber security, cyber forensics, cyber terrorism, cyber espionage, critical ICT infrastructure protection, cyber war, etc. It is also providing techno-legal solutions for Indian projects like CCTNS, Natgrid, NCTC, etc.

CSRTCI also maintains a “repository” of software and tools for areas like cyber security, cyber forensics, penetration testing, malware analysis, encryption, steganography, etc. It also maintains a rich techno-legal literature, articles, databases, etc for ready reference.

However, the most important and crucial achievement of the CSRTCI is that it has an “Exclusive Techno-Legal Software Repository” and research literature. It also has expertise for “aggressive defence” and human rights protection in cyberspace. In short, it is a single place destination for the techno-legal cyber security and allied fields.

The government of India and private sector of India must concentrate upon cyber security as soon as possible. Further, there is an emergent need to make proper amendments in the otherwise impotent, weak and ineffective cyber law of India. The increase in cyber crimes in India is also attributable to the “welcoming law” of India incorporated in the information technology act 2000 that, instead of deterring cyber criminals, is in fact encouraging them to indulge in cyber crimes.

Source: Legal Enablement Of ICT Systems In India.

National Cyber Security In India

Cyber security of India is ailing from various drawbacks. As a result India has not been able to fully capitalise on the benefits of cyber security. There is no doubt about the proposition that cyber security in India must be improved urgently.

Although everybody talks about improving cyber security in India yet none provides the formula to do so. The safest and surest formula to strengthen Indian cyber security is to formulate an effective and robust cyber security strategy and policy of India.

India has another very compelling reason to ensure robust and resilient cyber security. The critical national infrastructure of India cannot be safeguarded from cyber attacks if India has a weak cyber security infrastructure, informs Praveen Dalal, managing partner of Perry4Law. With more and more public services now delivered through the Internet, e-governance and computer systems, it is pertinent to ensure their integrity and security, suggests Dalal.

In fact, Indian government has released the draft electronic delivery of services bill 2011 that would ensure effective electronic delivery of services in India once it becomes an applicable law. However, the proposed mandatory delivery of electronic services would face many problems including cyber security problems.

If the essential public services are made electronic without ensuring robust cyber security, it would be a nightmare for India, warns Dalal. The government must ensure a strong cyber security for the infrastructure providing electronic delivery of services to Indian citizens, suggests Dalal.

National cyber security of India has to cover a long distance before we can call ourselves a reasonably cyber safe nation. India must increase cyber security readiness with adaptive threat management. Further, India must also ensure cyber due diligence compliances and cyber security audits, incident response and threat analysis, first responder’s utilisation and other similar practices to ensure efficient cyber security practices.

Source: Techno Legal News.

Thursday, December 20, 2012

National Cyber Security Database Of India (NCSDI)

Cyber security field requires dedicated and collaborative efforts on the part of various stakeholders. Cyber Security In India also requires such collaborative efforts where public private partnership (PPP) can be really handy.

Cyber Security Issues In India are too much and too complicated to be managed by a single organisation or individual. At Perry4Law’s Techno Legal Base (PTLB) we believe that cyber security is a techno legal field that requires techno legal expertise. We also believe that we must develop both Offensive And Defensive Cyber Security Capabilities In India.

In other words, Cyber Security Skills And Capabilities Development In India must be ensured as soon as possible. PTLB E-Learning Platform has been working in this direction for long.

In order to make our cyber security efforts more robust, effective and holistic, PTLB has launched the first ever techno legal national cyber security database of India (NCSDI). Those interested in enrolling with NCSDI must read the enrolment criteria for the same.

Managing India’s Cyber Security Problems, Issues And Challenges is not an easy task. Without good collaboration and concrete steps in this direction, Cyber Security Issues And Problems In India cannot be resolved.

Keeping these cyber security mandates in mind, PTLB has been operating the exclusive techno legal Cyber Security Research Centre Of India (CSRCI) and NCSDI is an integral part of the same. We hope the Cyber Security Projects And Initiatives Of PTLB would prove useful to all concerned.

Source: Cyber Security Research Centre Of India.

National Security Database Of India

In a much needed development, Perry4Law’s Techno Legal Base (PTLB) has constituted the first ever techno legal national cyber security database of India (NCSDI). This is a significant development that can go a long way in strengthening the cyber security of India.

The NCSDI is a part and parcel of much larger and more specialised initiative of PTLB. It is part of the exclusive techno legal cyber security research centre of India (CSRCI) managed by PTLB.

The NCSDI would consist of techno legal cyber security experts of India who should be enrolled with PTLB in this regard. Those interested in enrolling with NCSDI must read the enrolment criteria for the same.


NCSDI would also be an essential part of various cyber security initiatives and projects of Indian government and private cyber security players of India and abroad.

NCSDI is a very ambitious and much needed initiative of PTLB that deserves the support and collaboration of Indian government and various cyber security stakeholders. Let us see how NCSDI and CSRCI would strengthen the cyber security environment of India.

Source: Cyber Laws In India.

National Cyber Coordination Centre (NCCC) Of India

Cyber law issues, cyber security and national security are on the agenda of Indian government these days. However, till now cyber security in India is not up to the mark and cyber law of India requires an urgent repeal. This is because the entire approach and attitude of the Indian government is defective.

Indian government has failed to understand that e-surveillance is not a substitute for cyber security capabilities. Instead of developing cyber security capabilities of India, the Indian government is stressing upon growing use of e-surveillance in India and Internet censorship in India.

All these exercises of the Indian government have been done without any legal framework supporting these initiatives. Phones are tapped in India without a constitutionally valid phone tapping law in India. The central monitoring system project of India (CMS Project of India) is also not supported by any legal framework. Surveillance of Internet traffic in India is another area that requires a sound legal framework. Various authorities with far reaching powers have been created without any legal backing.

See ICTPS Blog for more.

Wednesday, December 19, 2012

Cloud Computing Due Diligence In India

Cloud computing in India is still at the infancy stage. The primary reasons for this situation are the absence of a legal framework for cloud computing in India, missing privacy laws, absence of data protection laws in India, inadequate data security in India, etc. Even the basic level cloud computing regulations in India are missing.

Many legal experts in India have opined that India must not use software as a service (SaaS), cloud computing, m-governance, etc till proper legal frameworks and procedural safeguards are in place. Even the CEOs of many companies are apprehensive of using cloud computing for their companies' businesses.

Even if a company or individual offers cloud computing services in India, it/he has to comply with many legal provisions and cyber due diligence requirements. The information technology act 2000 (IT Act 2000) has prescribed due diligence requirements for various business organisations and stakeholders. These due diligence requirements equally apply to cloud computing service providers in India.

These due diligence requirements are very stringent and cloud computing providers can find themselves in legal hassles if they ignore the same. Managing sensitive and personal data and information in India can no longer be approached casually; the requirements have become very stringent.

With the proposal to codify law of torts in India, more and more civil proceeding for violation of privacy rights may be initiated against the cloud computing service providers. It would be a wise option to establish best practices and cloud computing policy by all stakeholders in their own larger interests.

Source: ICTPS Blog

Social Media Websites And Cyber Crimes In India

We have no dedicated social media laws in India although guidelines for social media contents monitoring in India may be prescribed. Although we have a cyber law in India in the form of information technology act 2000 (IT Act 2000) yet we have no dedicated social networking laws in India. The cyber law for social media in India needs to be strengthened further keeping in mind a balance between civil liberties and law enforcement requirements.

Human rights protection in cyberspace in India is also required to be considered by Indian government. Presently, civil liberties protection in Indian cyberspace is not a priority for India and this is a serious problem.

For instance, till now we have no social media policy in India. We do not even have dedicated social networking laws in India that can take care of the misuses of social platforms. However, the framework and guidelines for use of social media for government organisations has been recently suggested by department of information technology. These guidelines provide an Indian social media framework for governmental departments and organisations that employees of these organisations must follow.

Social media is considered to be an Internet intermediary as per Indian cyber law. The recent controversy of Internet censorship in India has once again reiterated the importance of effective social media laws in India.

Cyber law due diligence in India has become very stringent. This applies to various fields and to multiple stakeholders. For instance, cyber due diligence for banks in India is now a well known requirement for banks in India. However, Internet intermediaries are the most widely covered stakeholders in this regard. Intermediaries liability for cyber law due diligence in India is really tough and they must take it very seriously.

See ICTPS Blog for more.  

Cyber Law Due Diligence In India

Cyber Law Due Diligence and Cyber Security Diligence in India are two fields that are not taken seriously by Stakeholders and Intermediaries of India. Under the Information Technology Act 2000 (IT Act 2000) there are many “Due Diligence Requirements” that Banks, Internet Service Providers (ISPs), Search Engines, E-Commerce Portals, etc must fulfill. However, by and large these Due Diligence Requirements are seldom followed till some “Criminal Prosecution” takes place.

This “Mindset” needs to be changed in India. The Cyber Law of India has express provisions that provide for both Civil and Criminal Liabilities for “Non Observance of Due Diligence”. Once these provisions are attracted, the concerned Person or Institution has to defend himself/itself in a Court of Law.

In India there is a lack of awareness about both Cyber Law of India as well as Cyber Law Due Diligence Requirements in India. This is the main reason why Cyber Law Due Diligence has not been up to the requirements and expectations.

Of all stakeholders, Intermediaries must pay special attention to Cyber Law Due Diligence Requirements of India. Intermediaries like ISPs, Cyber Café owners, Web Hosting Service Providers, Blogging Platforms, etc have to take care of issues pertaining to Cyber Law, Cyber Security, Defamation Laws, Intellectual Property Rights (IPRs) Violations, etc.

A special care must be taken of the Online Copyright issues that are increasingly posing problems for Intermediaries. The liability of Internet Intermediaries for Copyright Violations is an issue that should be taken very seriously. With Laws like Digital Millennium Copyright Act (DMCA) and similar Laws, this liability has become very onerous.

“Take Down Notices” for Copyright Violations in the Cyberspace are very common these days. The moment a Take Down Notice is communicated to the Intermediary, it becomes imperative on its behalf to take appropriate action. Further, the “Long Arm Jurisdiction” makes the applicability of National Law Extra Territorial. Even the Cyber Law of India has Extra Territorial Applicability.

Perry4Law and Perry4Law’s Techno Legal Base (PTLB) “Strongly Recommends” that all Stakeholders and Intermediaries must put in place Robust and Effective Due Diligence Mechanisms at their places. This would not only help them in preventing Crimes and Cyber Crimes but would also protect them from various Civil and Criminal Liabilities as well.

Source: ICTPS Blog

Working Group Of RBI On Information Security, Electronic Banking, Technology Risk Management And Cyber Frauds

Reserve Bank of India (RBI) has recently constituted a working group on information security, electronic banking, technology risk management and cyber frauds. The working group submitted its report in the recent past upon which public inputs were invited. After analysing the public inputs, the final draft has been recently released and notified by the RBI.

RBI has also directed that all banks would have to create a position of chief information officers (CIOs) as well as steering committees on information security at the board level at the earliest. This direction was provided through the information technology vision document for 2011-17 (IT Vision 2011-17) and the recent notification of the draft report. This document has suggested many technological as well as legal reforms for banking sector of India.

RBI has recently acknowledged the risks of e-banking in India. There are many problems from which the online banking or Internet banking in India is suffering. The most important pertains to maintaining effective cyber security for banking and financial sectors of India. Similarly, there are no effective Internet banking laws in India or online banking laws in India. In the absence of stringent laws in this regard, online banking risks in India are increasing. However, of all the shortcomings, nothing can match the absence of encryption laws and standards in India. In the absence of proper encryption norms in India, e-banking in India is really insecure.

Although RBI has been taking many far reaching and important steps, e-banking in India is still very risky. Of late, cases of phishing and banking frauds have increased tremendously in India. Further, cyber due diligence of banks in India is still a far dream. Even the directions of RBI to appoint CIOs and steering committees on information security have not yet been implemented.

Cyber security for banking and financial institutions of India is not in proper shape. Even due diligence requirements under the cyber law of India are not properly met. This has forced RBI to upgrade ATM security in India. Further, RBI has also imposed penalty upon 19 banks for non compliance with the regulatory requirements.

Indian banks are poor at cyber security policy formulation and its implementation. Cyber Security Policy is an issue that is very important for Banks of India, says Praveen Dalal, managing partner of New Delhi based ICT law firm Perry4Law and leading cyber law expert of India. With the growing use of Internet Banking, ATM machines, Credit and Debit Cards, Online Banking, etc, Banks of India must also upgrade their Cyber Security Infrastructure and establish a Cyber Security Policy, suggests Dalal.

RBI must rigorously implement the directions and suggestions made in the report of working group. Without stringent actions, the report would never be actually and practically implemented by Indian banks.

Source: Cjnews India.

RBI Working Group On Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds

RBI has recently directed that all banks would have to create a position of Chief Information Officers (CIOs) as well as Steering Committees on Information Security at the board level at the earliest. This direction was provided through the Information Technology Vision Document for 2011-17 (IT Vision 2011-17) and the recent notification of the draft report. This document has suggested many technological as well as legal reforms for banking sector of India.

Although the direction to have CIOs and Steering Committee is very clear, till now banks in India have failed to comply with this direction. Perry4Law and Perry4Law’s Techno Legal Base (PTLB) have been analysing these issues for long and they have been providing their suggestions in this regard. We believe that RBI must play a more proactive role in analysing whether its Policies and Recommendations are duly complied with. It seems the Recommendations of the Working Group constituted by RBI have still not been implemented. A “Progress Report” must be sought from Banks of India in this regard by RBI as soon as possible.

See ICTPS Blog for more.

Tuesday, December 18, 2012

Report Of The RBI Working Group On Securing Card Present Transaction

The Reserve Bank of India (RBI) is taking cyber security of banking industry very seriously. RBI has been stressing that banks in India are required to ensure cyber due diligence and cyber security due diligence. However, the banks in India have still not done the needful in this regard even though the first quarterly report in this regard is due on 30th June, 2011.

Perry4Law and Perry4Law Techno Legal Base (PTLB) welcome this initiative of RBI and congratulate the working group for coming out with good guidelines.

See ICTPS Blog for more.

National Intelligence Grid (Natgrid) Project Of India

National Intelligence Grid (NATGRID) Project of India is one of the most ambitious Intelligence Gathering Project of India. It has been launched at a time when the Intelligence Infrastructure of India is in a bad shape.

The recent decision of a Government Panel rejecting the proposal to ban Encryption Service Providers like Blackberry, Gmail, Skype, etc has further made the task of Intelligence Agencies of India more tedious. Since the E-Surveillance option has gone now they have to acquire Techno Legal Intelligence Gathering Skills to deal with sophisticated and encrypted communications.

Meanwhile, the Cabinet Committee on Security (CCS) has also given only “Partial In Principle Approval” to NATGRID Project. Since NATGRID Project is not supported by any Legal Framework and Parliamentary Oversight, the “Crucial Stages” of NATGRID Project have not yet been approved by the CCS. Thus, NATGRID Project of India is still in troubled waters as lack of Privacy Laws and Data Protection Laws has put it in doldrums.

Meanwhile similar Security and E-Surveillance Projects have also been launched by Indian Government. These include Projects like Central Monitoring System of India (CMS), Centre for Communication Security Research and Monitoring (CCSRM), Aadhar Project of India, Crime and Criminal Tracking Network and Systems (CCTNS), National Counter Terrorism Centre (NCTC), etc. Once again, all these Projects are without any Legal Framework and Parliamentary Oversight.

To make matters worse, the Law Enforcement Agencies and Intelligence Agencies of India are also practically not governed by any Legal Framework and Parliamentary Oversight. Whether it is Central Bureau of Investigation (CBI) or Intelligence Agencies of India, none of them are presently “Accountable” to Parliament of India.

See ICTPS Blog for more.

Cyber Crisis Management Plan Of India

India has formulated a Crisis Management Plan for its Cyberspace. However, like other Policies and Strategies in India, it has not been implemented in true letter and spirit. Even the basic level Cyber Security Preparedness in India is not up to the mark.

There are many aspects of a Cyber Crisis Management Plan. For instance, Cyber Security, Cyber Law, Cyber Forensics, Anti Cyber Terrorism Plans, Anti Cyber Espionage Plans, Anti Cyber Warfare Plans, Human Rights Protection in Cyberspace, Critical ICT Infrastructure Protection, etc are some of the “Components” of a Cyber Crisis Management Plan.

Practically we have no Cyber Crimes Laws in India as the Cyber Law of India has made almost all the Cyber Crimes “Bailable”. As far as Cyber Security is concerned, we have no Cyber Security Laws in India and no Cyber Security Policy in India.

As far as other components of Cyber Crisis Management Plan of India are concerned, even they do not exist in India. We have no Cyber Forensics Laws in India, no Cyber Terrorism Policy in India, no Cyber Warfare Policy in India, no Critical ICT Infrastructure Protection Policy in India and no Human Rights Protection in Cyberspace in India.

Even the basic Privacy Rights in India are missing. It is only now the Law Ministry of India has proposed the Right to Privacy Bill 2011 of India. Further, Data Protection Law in India is urgently required.

See PTLB Blog for more.

Cyber Terrorism Against India And Its Defences And Solutions

Cyber terrorism in India is not a new concept. However, for long concepts like cyber warfare, cyber terrorism, etc were not taken seriously by Indian government. Naturally, cyber security in India also could not flourish. The cyber security capabilities of India also could not develop in such circumstances.

Techno legal experts of India have been warning against growing incidences of cyber attacks, cyber crimes, cyber espionages, etc against India. Further, the fact that critical infrastructure protection in India is needed has also been reiterated from time to time.

Sophisticated malware like Stuxnet and Duqu have already proved that critical infrastructures around the world like power grids, nuclear facilities, satellites, defense networks, governmental informatics infrastructures, etc are vulnerable to diverse range of cyber attacks. The truth is that cyber attacks are affecting Indian critical infrastructure and we are not even aware of the same.

The cyber law, cyber crimes and cyber security trends by Perry4Law and Perry4Law’s Techno Legal Base (PTLB) have shown the loopholes of Indian cyber security capabilities. It is high time to plug in these loopholes and deficiencies of Indian cyber security capabilities.

Menaces like cyber terrorism and cyber warfare cannot be effectively tackled till we have both offensive and defensive cyber security capabilities. Further, cyber crisis management plan of India must be urgently formulated and effectively implemented so that cyber terrorism can be prevented in India.  

See Cyber Security Issues In India for more.

Indian Crisis Management Plan For Cyber Attacks And Cyber Terrorism

The threats of cyber attacks, cyber espionage and cyber terrorism are looming large at India. India needs to understand the seriousness of cyber attacks upon its critical infrastructures and cyberspace. To start with, India must formulate a crisis management plan to tackle cyber attacks, cyber terrorism and cyber espionage attempts.

Crisis management plan (CMP) is a measure of readiness to meet uncertainties and future risks and accidents. If we have a good crisis management plan at place, we can minimise the damage and harm to maximum possible extent.

CMP pertaining to information and communication technology (ICT) is an essential part of national ICT policy of India. The other parts of national ICT policy of India are cyber security policy of India, critical infrastructure protection policy of India, critical national infrastructure protection policy of India from cyber attacks, national security policy of India, etc.

Similarly, we must also formulate a cyber security policy for India. With more and more networks and computers now connected with public utilities and essential public services, cyber security assumes great significance these days. India is also looking forward to mandatory electronic delivery of services. This would increase the risks of cyber attacks upon crucial public delivery systems of India.

The government of India has issued certain guidelines to safeguard Indian cyberspace. According to these guidelines no sensitive information is to be stored on the systems that are connected to Internet. The Government has also claimed to have formulated Crisis Management Plan for countering cyber attacks and cyber terrorism for implementation by all Ministries/ Departments of Central Government, State Governments and their organizations and critical sectors.

The organisations operating critical information infrastructure have been advised to implement information security management practices based on International Standard ISO 27001. Ministries and Departments have been further advised to carry out their IT systems audit regularly to ensure robustness of their systems. Ministry of External Affairs has also issued a comprehensive set of IT security instructions for all users of MEA and periodically updates them on vulnerabilities.

Although the steps taken by Indian government are praiseworthy, they are not sufficient to ward off the sophisticated cyber attacks. The practical implementation of the crisis management plan of India is still missing. With a beginning already taken place, it needs a political will to give it a final shape and help it to reach its final destination.

Source: Cjnews India.

Cyber Security For Power Energy And Utilities In India

Cyber security challenges for smart grids and utilities in India are not unknown these days. Recently, India's power minister Veerappa Moily constituted a three-member panel to investigate massive power failures in the country a few days before.

Keeping in mind the cyber attack angle, he also added four additional members, including a cyber-security expert, to this panel, making it a seven-member panel. It is obvious that India is excluding any possible cyber intrusions and cyber attack upon the power grids that may have resulted in blackout.

Power grids and utilities cyber security in India and their challenges are not easy to manage. They require a systematic, dedicated and security oriented approach on the part of Indian government. In fact, smart meters are becoming headache for power companies world wide.

Cyber security in India is still in its infancy stage. Naturally, the critical infrastructure protection in India is still not up to the mark. In fact, we have no critical ICT infrastructure protection policy of India as well.

Meanwhile, sophisticated and specially customised malware like Stuxnet and Duqu have already proved that critical infrastructures around the world like power grids, nuclear facilities, satellites, defense networks, governmental informatics infrastructures, etc are vulnerable to diverse range of cyber attacks.

Perry4Law’s Techno Legal Base (PTLB) strongly recommends that Indian government must ensure cyber security of energy and utilities in India as soon as possible. SCADA may be the new cyber attack priority for cyber criminals and rogue nations. We must ensure sufficient cyber protection of SCADA systems in India in general and critical infrastructure in particular.

Source: ICTPS Blog.

India Is Facing Serious Cyber Threats

India has been facing serious cyber threats these days. These include threats from cyber espionage, cyber terrorism, cyber warfare, etc. Even social networking sites and cloud computing applications have come under cyber attacks.

Although cyber crimes and cyber threats have increased significantly in India yet cyber crimes prevention and network security in India are still far from perfect. India’s preparedness to tackle growing cyber crimes and cyber attacks is not proper and we do not have any cyber law policy in India.

In fact, cyber attacks and cyber terrorism preparedness of India is missing altogether. Cyber terrorism is a concept that is closely related to national security and cyber security of any nation. While the definition and nature of cyber terrorism is still debatable yet none can doubt about the use of information and communication technology (ICT) for attacking crucial computer systems of others, says Praveen Dalal, managing partner of Perry4Law and CEO of Perry4Law’s Techno Legal Base (PTLB).

Realising the importance of cyber security and a defense against cyber terrorism, countries all over the world are streamlining their defense networks. Some have merged their traditional armed forces defenses with technology driven security while others have established a separate and dedicated cyber security segment for themselves. India also needs good techno-legal cyber security for its defense forces.

India must urgently formulate good cyber security policy and effective crisis management plan for cyber attacks and cyber terrorism. The issue must be taken at the national level and a national policy is needed in this regard, says Dalal.

We have launched a centre for protection of human rights in cyberspace that is covering the issues pertaining to protection of critical ICT infrastructure in India, prevention of cyber terrorism in India, cyber espionage in India, defense against cyber war in India, etc. The centre would also provide suggestions and methods to prevent e-surveillance by governmental as well as non-governmental persons and organisations, informs Dalal.

The time has come when India must take seriously issues like cyber security, cyber terrorism, cyber war and other related issues. We need both policy level as well as legislative measures to make Indian cyberspace robust and secure. On the legislative side, we must enact strong cyber laws and on the policy side we must enact suitable cyber security policy of India and cyber crimes policy of India.

Till now India lacks initiatives on both these fronts. The present cyber law of India has decayed and it must urgently be repealed. The information technology act 2000 is not serving much purpose these days and it must be replaced by a more effective and strong cyber law. Let us hope that Parliament of India would do the needful in the forthcoming session.

Source: Cjnews India.

Mobile Banking Cyber Security Is Required In India

Mobile banking in India is moving towards an acceptance level. However, till now very few people and institutions are comfortable in using mobile banking in India. Mobile banking in India is still not popular according to RBI. There are certain shortcomings of mobile banking in India that are still left unaddressed.

For instance, mobile governance in India is still not well established. M-governance in India is essential before mobile banking can be successfully implemented in India. We have no regulatory framework for m-governance in India. Even the proposed electronic delivery of services bill 2011 of India has failed to provide a mandatory legal framework for electronic delivery of services in India, including for mobile banking. In short, India is still not ready for m-governance and cloud computing especially in the absence of dedicated e-commerce laws in India.

Mobile banking in India is risky due to the absence of mobile cyber security in India. Further, the online banking system of India is not secure. In the absence of adequate cyber security safeguards, e-banking in India is not safe. The cyber security trends in India 2011 have also proved that Internet banking cyber security in India is in poor shape and it needs to be strengthened. Even data security, privacy and cyber security in the Indian banking industry are not satisfactory.

Online banking risks in India are increasing and this is also shaking the confidence of customers in the same. Even RBI has acknowledged risks of e-banking in India. ATM frauds in India are increasing. In fact, Reserve Bank of India (RBI) has recently released the report of its working group on securing card present transaction that covers ATM security and credit card security issues as well. Internet banking risks in India cannot be effectively tackled till we have dedicated Internet banking laws in India.

Although an integrated banking law of India has been proposed yet it may take some years before it is actually enacted. In an interesting development, the RBI removed the limits on mobile banking transactions in India. This is good for the development of mobile banking in India but is bad for the interests of mobile banking customers who have almost no safeguards against cyber crimes and technology assisted financial frauds happening in the mobile banking field.

The cyber law in India has prescribed cyber law due diligence for various stakeholders. Cyber due diligence for banks in India is just a part of the same. Cyber due diligence for Indian companies including banks operating in India is very stringent. However, Indian banks are not following the guidelines of RBI prescribing mandatory cyber security requirements for banks of India. Further, banks are also liable

Even on the policy front, mobile banking has received a bad response from the Indian government. For instance, the absence of effective encryption laws in India and the non-use of robust encryption in India have made mobile security very weak in India. Instead of making the encryption requirements redundant and weak, India must concentrate upon further strengthening the same for better and secure mobile communications. Governments of most developed countries allow the usage of strong encryption standards ranging from 128 bits to 256 bits or more to ensure the security of sensitive information exchanged via Internet and other networks. However, India is still clinging to 40 bits encryption standards for the simple reason that intelligence and security agencies of India are not capable enough to break strong encryptions.

A weak mobile banking infrastructure would also affect other projects and schemes. For instance, recently the Securities and Exchange Board of India (SEBI) has declared its intention to introduce electronic initial public offer (E-IPO) in India. This is a good step but E-IPO cannot succeed in the absence of strong mobile banking and Internet banking infrastructure. Online payment mechanisms in India must also be suitably strengthened to make such proposals workable.

India must give these considerations some serious thoughts if it wishes to encash the benefits of technology. Otherwise, concepts like Internet banking and mobile banking are more nuisance than luxury in India.

Source: ICTPS Blog.

Data Security, Cyber Security And Privacy In Indian Banking Industry

Banking industry of India is passing through a transformation age. From technological upgradations to enacting new regulatory norms, banking sector of India is all set for a big change. However, this change is also very demanding and challenging in terms of legal obligations and technological knowledge. Banks in India are finding it difficult to cope with both.

For instance, banks in India are required to not only ensure cyber due diligence in India but also cyber security due diligence in India. Reserve Bank of India (RBI) has very categorically told Indian banks to ensure effective cyber security in their day to day affairs and banking transactions. However, banks in India are not complying with RBI’s cyber security due diligence requirements due to lack of awareness and technical expertise.

Further, on the compliances front as well, banks in India are not doing the needful. For instance, as per RBI’s recommendations, all banks should create a position of chief information officers (CIOs) as well as steering committees on information security at the board level at the earliest. Till now banks in India have not fulfilled these requirements.

Similarly on the front of cyber security Indian banks have not performed well. Cyber security for banking and financial sectors of India is not up to the mark. Internet banking risks in India are in abundance and we have no cyber security of Internet banking in India. Even cyber due diligence for banks in India is not taken seriously by Indian banks. Cyber security of online banking systems in India is by and large below average and many cases of banking financial frauds and cyber crimes have been reported in India.

Even mobile banking in India is risky as the present banking and other technology related legal frameworks are not conducive for mobile banking in India. We have no dedicated Internet banking laws in India or mobile banking laws in India. Mobile banking transactions in India are risky and untrustworthy in the absence of mobile cyber security in India. We are still not ready for mobile governance in India as m-governance in India is not going to be successful in the absence of a sound mobile governance policy of India.

Data security and privacy in the Indian banking industry is another area that requires special attention of Indian banks. Banks in India must ensure privacy protection and data protection of their customers.

The corporate and banking laws in India are in the process of being streamlined. An integrated modern banking law in India is also in the pipeline. RBI has also prescribed enhanced due diligence measures by banks of India for higher-risk customers. Overall, the emphasis is upon ensuring data security, cyber security and privacy protection by banks operating in India.

Source: Techno Legal News.

Cyber Security For Banking And Financial Sectors Of India

Cyber security is an issue that is very important for India. With the growing use of Internet banking, ATM machines, credit and debit cards, online banking, etc, banks of India must also upgrade their cyber security infrastructure.

Reserve Bank of India (RBI) has taken some very proactive steps in this regard. RBI has made it mandatory to appoint chief information officers (CIOs) and steering committees on information security at the board level at the earliest. The intentions are good and so must be their implementations.

Cyber security cannot benefit the banking and financial sectors of India until they use it systematically. For that a dedicated cell or wing must be established that can take care of issues pertaining to cyber law, cyber security, cyber forensics, cyber due diligence, etc.

Although there are numerous such due diligence requirements yet banks and financial institutions must consider the cyber security aspects on a priority basis. Indian banks and financial institutions are increasingly facing cyber crimes pertaining to banking industry. Further ATM frauds, credit card cloning, phishing attacks against banks and financial institutions, etc are also on rise.

Further, data security and privacy issues are other areas of concern for banks and financial institutions of India. They must consider data security and privacy issues of their customers very seriously otherwise they would be violating the due diligence requirements under various laws, especially the cyber law of India. Data security and privacy in the Indian banking industry requires immediate attention of RBI.

RBI is already working hard in these directions and it is a matter of time before banks and financial institutions of India would be mandatorily required to ensure strong cyber security, effective data protection and stringent privacy protection of their customers.

Source: Techno Legal News.

Why Is Indian Critical Infrastructure Vulnerable To Cyber Attacks?

In the present interconnected world, cyber security capabilities of India must be urgently developed. In fact, Indian critical infrastructure and cyber security challenges and issues have assumed so much significance that Indian government declared the establishment of National Critical Information Protection Centre (NCIPC) of India.

The best way to ensure critical infrastructure protection in India is to make it a part of national cyber security policy of India. Various cyber security issues of India must also be part of such cyber security policy of India. Further, besides energy, defense, transportation and telecommunication, the financial sector which includes banks and stock exchanges must be suitably protected in India. Unfortunately, till now cyber security challenges of India remain unredressed.

Monday, December 17, 2012

RBI Acknowledges Risks Of E-Banking In India

Reserve Bank of India (RBI) has been playing a proactive role for securing Internet banking and online banking transactions. Recently, RBI showed its intention to boost ATM security in India. In the past, concerns have been raised from time to time for preventing online banking frauds in India by RBI.

There are many problems from which the online banking or Internet banking in India is suffering. The most important pertains to maintaining effective cyber security for banking and financial sectors of India. Similarly, there are no effective Internet banking laws in India or online banking laws in India. In the absence of stringent laws in this regard, online banking risks in India are increasing. However, of all the shortcomings, nothing can match the absence of encryption laws and standards in India. In the absence of proper encryption norms in India, e-banking in India is really insecure.

See Cjnews India for more.

Cyber Security Policy Of India

Till now we have not formulated a National Cyber Security Policy of India that is implementable at the national level.

The Cyber Security Policy of India must cover areas like Cyber Laws, Cyber Crimes, Transnational Technological Crimes, Cyber Attacks, Cyber Warfare, Cyber Terrorism, Cyber Espionage, Human Rights Protection in Cyberspace, Critical Infrastructure Protection Plan, Critical ICT Infrastructure Protection, Crisis Management Plan, etc.

Indian Government must also focus upon Techno Legal Cyber Security Skill Development for its employees and departments. Suitable Techno Legal Cyber Security Courses must be made available to Government departments and employees.

See ICTPS Blog for more.

Critical Infrastructure Protection (CIP) And Homeland Security (HS) In India

Critical national infrastructure security in India needs to be strengthened. Highly sophisticated malware like Duqu, Stuxnet, etc targeted India in the year 2011 and India is still investigating the Duqu malware. Indian nuclear facilities, automated power grids, satellites, defense networks, governmental informatics infrastructures, etc are vulnerable to sophisticated cyber attacks. It is still not clear whether Indian satellites are safe from cyber attacks.

Supervisory control and data acquisition (SCADA) is another area of concern. Cyber protection of SCADA systems in India must also be ensured. Similarly, Indian defense and security against cyber warfare needs to be developed so that cyber attacks against India can be thwarted. A good cyber security policy in India must be formulated that must include a critical ICT infrastructure protection policy of India as well. Similarly, effective legal and policy framework for cyber security must also be created in India.

See PTLB Blog for more.

National Critical Information Infrastructure Protection Centre (NCIPC) Of India

In the recent times, there is an increasing stress upon cyber security at the international level. This is so because cyber attacks are happening at the international level and all the countries are facing this threat.

Countries are trying to coordinate cyber security initiatives at national and international levels. However, cyber security in India is still not up to the mark. India is increasingly facing cyber attacks and cyber threats from foreign nationals.

The cyber laws and cyber security trends of India 2011 by Perry4Law and Perry4Law’s Techno Legal Base (PTLB) has clearly shown the cyber security vulnerabilities of India. The cyber law trends of India 2012 have also projected an increased rate of cyber crimes in India and cyber attacks against India in the year 2012.

For instance, cyber terrorism against India, cyber warfare against India, cyber espionage against India and cyber attacks against India have increased a lot. Presently, we do not have a strong cyber law to deter cyber attacks and cyber crimes. Further, we have no cyber security laws in India as well.

Cyber security is also crucial for critical infrastructure protection of India. Critical infrastructure protection in India requires a well formulated policy. Presently we have no critical infrastructure protection policy of India. Even critical ICT infrastructure protection in India is required.

A national critical information infrastructure protection centre (NCIPC) of India has been proposed. It intends to ensure critical infrastructure protection and critical ICT infrastructure protection in India.

There are a few prerequisites that can make the NCIPC of India successful. Firstly, there must be a centralised ICT command centre of India that can coordinate various cyber security issues. Secondly, specialised agencies and authorities must be constituted for critical infrastructure areas like power, telecom, defense, etc. These agencies and authorities must coordinate with the centralised command centre for cyber security related issues.

Ministry of communication and information technology (MCIT) has already taken certain initiatives in this regard. For instance, a central monitoring system (CMS) project of India has been launched by MCIT to monitor and intercept electronic communications, messages and information. Further, a national telecom network security coordination board (NTNSCB) of India has also been proposed to strengthen the national telecom security of India.

Similarly, the home ministry of India has also launched national intelligence grid (Natgrid) project of India, crime and criminal tracking networks and systems (CCTNS) project of India, national counter terrorism centre (NCTC) of India, etc. These projects intend to strengthen the intelligence gathering and counter terrorism capabilities of India.

However, there is a big problem in the successful implementation of all the abovementioned projects and initiatives as well as the NCIPC of India. The Indian government has been avoiding parliamentary oversight of these projects. This is a bad precedent that needs to be urgently taken care of. We need urgent parliamentary oversight for e-surveillance in India, Internet censorship in India, intelligence gathering in India, intelligence authorities of India, Central Bureau of Investigation, law enforcement agencies of India, Aadhar project of India, etc.

Even privacy laws in India, data security laws in India, data protection laws in India, etc are urgently required to be formulated. The cyber law of India must be suitably amended, perhaps repealed, to make a more robust and stringent cyber law of India. We need dedicated cyber security legal framework in India and cyber forensics laws in India.

For too long Indian parliament has been ignoring its crucial legislative business and it is high time for Indian parliament to do the needful in this regard. Contemporary techno legal issues cannot be left at the mercy and indifference of Indian parliament and Indian government as that may have serious adverse effects upon Indian economy and national security of India.

Source: ICTPS Blog.