India’s cyber infrastructure

  • IASbaba
  • September 5, 2022
  • 0
Security Issues
Print Friendly, PDF & Email

Context:

  • There has been a steady spike in cases of cybercrime in the last five years.
  • In India, cybercrime is increasing with the increased use of information and communication technology (ICT).
  • However, despite this alarming trend, the capacity of the enforcement agencies to investigate cybercrime remains limited.

Need for Cyber Security

Increasing Number of Cyber Attacks:

  • According to the National Crime Records Bureau (NCRB), from 12,317 cases of cybercrime in 2016, there were 50,035 cases registered in 2020.
  • One in four Indian organisations suffered a ransomware attack in 2021 — higher the the global average of 21%.

Increased Digital usage Post-Covid:

  • Critical infrastructure is getting digitised in a very fast way — this includes financial services, banks, power, manufacturing, nuclear power plants, etc.

Cyber terrorism

  • It is premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence.

For Protecting Critical Sectors:

  • It is particularly significant given the increasing interconnectedness of sectors and proliferation of entry points into the internet, which could further grow with the adoption of 5G.
  • There were 6.97 lakh cyber security incidents reported in the first eight months of 2020, nearly equivalent to the previous four years combined, according to information reported to and tracked by the Indian Computer Emergency Response Team (CERT-In).
  • A local, state or central government maintains a huge amount of confidential data related to the country (geographical, military-strategic assets etc.) and citizens.

For Individuals:

  • Photos, videos and other personal information shared by an individual on social networking sites can be inappropriately used by others, leading to serious and even life-threatening incidents.

For Businesses:

  • Companies have a lot of data and information on their systems.
  • A cyber-attack may lead to loss of competitive information (such as patents or original work), and loss of employees/customers’ private data resulting in complete loss of public trust in the integrity of the organisation.

Challenges

No procedural code

  • There is no separate procedural code for the investigation of cyber or computer-related offences.
  • As electronic evidence is entirely different in nature when compared with evidence of traditional crime, laying down standard and uniform procedures to deal with electronic evidence is essential.

Shortage of technical staff

  • Second, there have been half-hearted efforts by the States to recruit technical staff for the investigation of cybercrime.
  • A regular police officer, with an academic background in the humanities and management may be unable to understand the nuances of the working of a computer or the Internet.
  • Further, the Information Technology (IT) Act, 2000 insists that offences registered under the Act should be investigated by a police officer not below the rank of an inspector.
  • The fact is that police inspectors are limited in number in districts, and most of the field investigation is done by sub-inspectors.

Lack of Infrastructure – cyber labs

  • Third, the cyber forensic laboratories of States must be upgraded with the advent of new technologies.
  • Offences related to crypto-currency remain under-reported as the capacity to solve such crimes remains limited.
  • While most State cyber labs are sufficiently equipped to analyse hard disks and mobile phones, many are yet to be notified as ‘Examiner of Electronic Evidence’ to enable them to provide expert opinion on electronic records.

Need for localisation

  • Most cybercrimes are trans-national in nature with extra-territorial jurisdiction.
  • The collection of evidence from foreign territories is not only a difficult but also a tardy process.
  • In most social media crimes, except for the prompt blocking of an objectionable website or suspect’s account, other details do not come forth quickly from large IT firms.
  • Therefore, ‘data localisation’ must feature in the proposed Personal Data Protection law so that enforcement agencies are able to get timely access to the data of suspected Indian citizens.

Measures Taken By the Government

  • Information Act, 2000: The Information Act, 2000 is the primary law for dealing with cybercrime and digital commerce in India.
  • National Cyber Security Policy, 2013: The policy provides the vision and strategic direction to protect the national cyberspace.
  • The CERT-In (Cyber Emergency Response Team – India): CERT-In has been operational since 2004. It is the national nodal agency for responding to computer security incidents as and when they occur.
  • Indian Cyber Crime Coordination Centre (I4C): It deals with all types of cybercrimes in a comprehensive and coordinated manner.
  • Cyber Swachhta Kendra: Launched in early 2017, the Cyber Swachhta Kendra provides a platform for users to analyse and clean their systems of various viruses, bots/ malware, Trojans, etc.
  • Cyber Surakshit Bharat: Ministry of Electronics and Information Technology, launched the Cyber Surakshit Bharat initiative to spread awareness about cybercrime and building capacity for safety measures for Chief Information Security Officers (CISOs) and frontline IT staff across all government departments.
  • The Cyber Warrior Police Force: In 2018, the government announced its plans to introduce CWPF. It is proposed to be raised on lines of the Central Armed Police Force (CAPF).
  • Cyber-Crime Prevention against Women & Children’ Scheme: Implemented by the Ministry of Home Affairs, the scheme aims to prevent and reduce cyber-crimes against women and children.

Way forward

  • Building capabilities: There is an urgent need to build capabilities and capacity for application, equipment and infrastructure testing.
  • Human resource: Immediate attention has to be given to human resource development which would increase the number of experts who can effectively manage the cyber security of the country.
  • R&D: Investments should be made on R&D to develop more innovative technologies to address increasing cyber security threats.
  • Policy and Governance: It is important to bring a robust policy and effectively implement the same.
  • Further, duties and responsibilities should be defined clearly for smooth functioning and better coordination among departments and stakeholders.
  • Awareness: A periodic awareness campaign by the government and big private organizations should be conducted to aware people about cyber security threats.
  • Strengthening Private Partnership: It is important to strengthen the public- private partnership on cyber security.

Source: The Hindu

Search now.....

Sign Up To Receive Regular Updates