Cyber Security Breaches Need A Mandatory Reporting Mechanism

Cyber security attacks have become very sophisticated in nature. The recent malware named Uroburos/Snake is another example of growing cyber espionage and cyber warfare among various nations. The era of websites defacement is well over and stealing of sensitive information is the new trend.

India is a very late starter as far as cyber security is concerned. The speed of cyber security initiative of India is still very slow. Further, there is no dedicated cyber security law of India that can be used in cases of cyber crimes, cyber attacks and cyber contraventions. The information technology act, 2000 is ill suited to take care of the cyber security related issues in India.

The telecom companies/internet services providers (ISPs) are also not sharing information pertaining to cyber attacks against their networks. As a result, a robust cyber security strategy to counter cyber attacks cannot be formulated.

National Security Council Secretariat (NSCS) has requested Reliance Jio Infocomm to share potential cyber security threats on India’s telecom networks. India has announced that cyber security breach disclosure norm would be formulated very soon. However, till now no such disclosure norms are applicable in India against telecom companies/ISPs of India.

Strict enforcement of the license conditions (PDF) and the proposed national telecom security policy of India 2014 may change this scenario in the near future. However, nothing is better than formulating a good cyber security law of India that can establish a regulatory regime for compulsory cyber security breach notifications on the part of telecom companies/ISPs.  

This is important as critical infrastructures of India like automated power grids, thermal plants, satellites, etc are vulnerable to diverse forms of cyber attacks. This is the reason why NTRO has been assigned the task of protecting the critical infrastructure of India. Till the national cyber coordination centre (NCCC) is put into place, national level cyber security coordination would be missing.

The cyber crisis management plan of India and the cyber security policy of India must also be made operational as soon as possible. Let us hope that Indian government would do the needful as soon as possible.