The number of cyber security incidents has gradually increased in India over the last few years. Minister of State for Electronics and IT, Mr. PP Chaudhary stated that as per the information collected by India’s Computer Emergency Response Team (CERT-in), 44,679, 49,455 and 50,362 cyber security incidents took place in India during the years 2014, 2015 and 2016, respectively. These incidents include phishing, website intrusions, and defacements, virus and denial of service attacks amongst others. As per the ‘2016 Cost of Data Breach Study: India’ the average total cost of a data breach paid by Indian companies increased by 9.5 percent, while the per capita cost increased by 8.7 percent and the average size of a breach grew by 8.1 percent.
Although, the government has taken certain cyber security initiatives as discussed below, more expansive and aggressive measures are required to meet the rising challenges.
National Cyber Security Policy, 2013:
The Government of India took the first formalized step towards cyber security in 2013, vide the Ministry of Communication and Information Technology, Department of Electronics and Information Technology’s National Cyber Security Policy, 2013.
The Policy is aimed at building a secure and resilient cyberspace for citizens, businesses, and the Government. Its mission is to protect cyberspace information and infrastructure, build capabilities to prevent and respond to cyber attacks, and minimize damages through coordinated efforts of institutional structures, people, processes, and technology.
The objectives of the policy include creating a secure cyber ecosystem, compliance with global security standards, strengthen the regulatory framework, creating round the clock mechanisms for gathering intelligence and effective response, operation of a National Critical Information Infrastructure Protection Centre for 24×7 protection of critical information infrastructure, research, and development for security technologies, create a 500,000 strong cyber security workforce, to provide financial benefits to businesses for adopting cyber security practices, to build public private partnerships for cooperative cyber security efforts.
Some of the strategies adopted by the Policy include:
- Creating a secure cyber ecosystem through measures such as a national nodal agency, encouraging organizations to designate a member of senior management as the Chief Information Security Officer and develop information security policies.
- Creating an assurance framework.
- Encouraging open standards.
- Strengthening the regulatory framework coupled with periodic reviews, harmonization with international standards, and spreading awareness about the legal framework.
- Creating mechanisms for security threats and responses to the same through national systems and processes. National Computer Emergency Response Team (CERT-in) functions as the nodal agency for coordination of all cyber security efforts, emergency responses, and crisis management.
- Securing e-governance by implementing global best practices, and wider use of Public Key Infrastructure.
- Protection and resilience of critical information infrastructure with the National Critical Information Infrastructure Protection Centre operating as the nodal agency.
- To promote cutting edge research and development of cyber security technology.
- Human Resource Development through education and training programs to build capacity.
In 2014, the Prime Minister’s Office created the position of the National Cyber Security Coordinator. In 2016, in response to the intrusions by infamous hacker group ‘Legion’, the Ministry of Electronics and Information Technology issued several orders and directives. These included use of the National Payment Corporation of India (NPCI) to audit the financial sector, review, and strengthening of the IT Act, directives to social networking site Twitter to strengthen its network, and directives to all stakeholders of the financial industry including digital payment firms to immediately report any unusual incidents.
Some agencies that deal with cyber security in India are National Technical Research Organisation, the National Intelligence Grid, and the National Information Board. To address cyber security issues in India, the government has recently introduced some other important measures as discussed below.
Cyber Swachhta Kendra’ (Botnet Cleaning and Malware Analysis Centre)
To combat cyber security violations and prevent their increase, Government of India’s Computer Emergency Response Team (CERT-in) in February 2017 launched ‘Cyber Swachhta Kendra’ (Botnet Cleaning and Malware Analysis Centre) a new desktop and mobile security solution for cyber security in India.
CERT-in operate centre under Section 70B of the Information Technology Act, 2000. The solution, which is a part of the Ministry of Electronics and Information Technology’s Digital India initiative, will detect botnet infections in India and prevent further infections by notifying, enable cleaning and securing systems of end-users. It functions to analyze BOTs/malware characteristics, provides information and enables citizens to remove BOTs/malware and to create awareness among citizens to secure their data, computers, mobile phones and devices such as home routers.
The Cyber Swachhta Kendra is a step in the direction of creating a secure cyber ecosystem in the country as envisaged under the National Cyber Security Policy in India. This center operates in close coordination and collaboration with Internet Service Providers and Product/Antivirus companies to notify the end users regarding infection of their system and providing them assistance to clean their systems, as well as industry and academia to detect bot infected systems.
The center strives to increase awareness of common users regarding botnet, malware infections and measures to be taken to prevent malware infections and secure their computers, systems, and devices.
The Centre offers the following security and protective tools:
- “USB Pratirodh”, was also launched by the government which, Union IT and Electronics Minister Ravi Shankar Prasad states is aimed at controlling the unauthorized use of removable USB storage media devices like pen drives, external hard drives and USB supported mass storage devices.
- An app called “Samvid” was also introduced. It is a desktop based Application Whitelisting solution for Windows operating system. It allows only preapproved set of executable files for execution and protects desktops from suspicious applications from running.
- M-Kavach, a device for the security of Android mobile devices has also been developed. It provides protection against issues related to malware that steal personal data & credentials, misuse Wi-Fi and Bluetooth resources, lost or stolen mobile device, spam SMSs, premium-rate SMS and unwanted/unsolicited incoming calls.
Collaboration with industry partners
Development of Public Private Partnerships is an important strategy under the National Cyber Security Policy 2013. Pursuant to this aim, under the aforementioned Cyber Swachhta Kendra initiative, antivirus company Quick Heal is providing a free bot removal Tool.
To combat the ever-evolving techniques of cyber intrusions, the government also recognizes the need for working in collaboration with industry partners. Consequently, Cisco and Ministry of Electronics and Information Technology’s Indian Computer Emergency Response Team (CERT-In) have signed a Memorandum of Understanding (MoU) whereby a threat intelligence-sharing programme will be established, wherein personnel from Cisco and CERT-In will work collectively to tackle digital threats and develop and incorporate new ways to improve cyber security.
International Cooperation Initiatives
Information sharing and cooperation is an explicit strategy under the 2013 Policy. Consequently, as an answer to the increasingly international nature of cyber crime, the Indian government has entered into cyber security collaborations with countries such as the USA, European Union, and Malaysia. The U.K. has agreed to assist in developing the proposed National Cyber Crime Coordination Centre in India.
The shared principles of the U.S.-India Cyber Relationship Framework provide for the recognition of the leading role for governments in cyber security matters relating to national security; a recognition of the importance of and a shared commitment to cooperate in capacity building in cyber security and cyber security research and development, and A desire to cooperate in strengthening the security and resilience of critical information infrastructure.
The areas of corporation provide inter alia that both countries agree to share and implement cyber security best practices, share cyber threat information on a real-time basis, develop joint mechanisms to mitigate cyber threats, promote cooperation between law enforcement agencies and improve their capacity through joint training programs, encourage collaboration in the field of cybersecurity research, and Strengthening critical Internet infrastructure in India.
Experts have suggested the setting up of a National Cyber Security Agency (NCSA) to address cyber security issues and improve implementation at a national level. Such an agency is suggested to be equipped with staff that is technically proficient in both defensive and offensive cyber operations, to encrypt platforms and collects intelligence. Another proposed measure is setting up of a National Cyber Coordination Centre (NCCC) as a cyber security and e-surveillance agency, to screen communication meta data and coordinate the intelligence gathering activities of other agencies. NCCC received prima facie approval in May 2013 to operate under the National Information Board. In November 2014, Rs. 800 crore out of 1,000 crores allotted to improve Indian cyber security would be utilized for NCCC purposes. However, establishing an NCCC like body would require compliance and adherence to international privacy law standards. It is hoped that the Government’s initiatives can keep pace with the rapidly changing nature of cyber attacks.
References http://tech.firstpost.com/news-analysis/government-of-india-launches-cyber-swachhta-kendra-a-new-mobile-and-desktop-security-solution-363415.html  https://securityintelligence.com/as-india-gears-up-for-cybersecurity-challenges-threats-are-multiplying/  http://meity.gov.in/sites/upload_files/dit/files/National%20Cyber%20Security%20Policy%20%281%29.pdf  http://economictimes.indiatimes.com/articleshow/55963728.cms?utm_source=contentofinterest&utm_medium=text&utm_campaign=cppst  http://www.cyberswachhtakendra.gov.in/about.html  Ibid  http://tech.firstpost.com/news-analysis/government-of-india-launches-cyber-swachhta-kendra-a-new-mobile-and-desktop-security-solution-363415.html  http://www.theweek.in/news/sci-tech/cisco-india-unveils-three-cyber-security-initiatives.html  https://obamawhitehouse.archives.gov/the-press-office/2016/06/07/fact-sheet-framework-us-india-cyber-relationship  http://www.thehindu.com/opinion/columns/upgrading-indias-cyber-security-architecture/article8327987.ece  http://www.hindustantimes.com/india/india-s-cyber-protection-body-pushes-ahead/story-4xa9tjaz6ycfDpVg95YqPL.html  http://www.business-standard.com/article/economy-policy/rs-1-000-cr-set-aside-for-cyber-shield-114110401377_1.html
Visit our Instagram page @lawyergyan at this link.
For more BLOG/ NEWs, CLICK HERE.
Please Subscribe for more updates.
Lawyers Gyan has no control over above-listed items as it is directly from the customer or taken from other sources. Despite our best efforts, some of the content may contain errors. You can trust us, but please conduct your checks too. In case of any discrepancy please write to email@example.com.