Cybersecurity: Key Issues in India

Cybersecurity: Key Issues in India

Question: Cybersecurity has become a very important issue due to technological advancement. Discuss the key issues underlying cybersecurity in India.

• Cybersecurity is one of the key concerns in the present age of techno savvy administration and operation

• The nature of the new threat has confirmed that boundaries no longer extend merely to the secure facilities of the government

• Consider the cyberattack on Estonia, an ex Soviet republic wherein anonymous hackers launched a massive attack on the nation’s information systems and brought critical infrastructure services such as power and banking to a stop. The attack was known as the DDoS or the Deliberate Denial of Service

• Attacks such as these expose the vulnerability of the systems which operated many of the critical sectors in the country from defence and power to aviation, energy and law enforcement

• CII or Critical Information Infrastructure needs to be protected

Issues Underlying Cybersecurity

• Last decade has created much awareness among GoI organisations that future threats will be mostly confined to cyberspace

• Indian security establishment however had not taken corrective measures to guard against the same

• In the year 2008, when the Information Technology Act 2000 underwent amendment, introduction of Sections 70A and 70B were largely ignored by policy makers and implementers

• Article 70A had mandated the need for specialised agency to look into designated CIIs and come up with practices, policies and procedures to deflect cyber attacks; Government took six years to create this agency.

• Though the National Critical Information Infrastructure Protection Sector was placed under a technical intelligence agency National Technical Research Organisation to roll out countermeasures, this agency has not seen much in the way of implementation in recent times.

• Critical sector has been defined as sectors vital to the nation and whose decimation will harm national security, safety, economy or public health

• 12 such sectors have been identified , but sectors still lack delineated guidelines to address distinctive challenges in cyberspace

• PPP mode projects are needed in the field of cybersecurity because only a joint mechanism can ward off attacks

• While the government is a regulatory authority, the private sector seeks less control

• Both sectors need to conduct joint exercises, achieve synergy and built countermeasures and map vulnerabilities

• IT Rules also have certain shortcomings. these rules can be superseded by agreement

• Intermediary Guideline Rules permit blocking of content on the internet, but this may violate the right to free speech and freedom of expression

• Cyber cafe rules have adverse implications for personal safety and privacy of users

Facts and Stats

Government notified 4 sets of rules under the Information Technology Act 2000 amended in 2008 in the year 2011:

• Intermediary Guideline Roles prevent content of specific nature on the internet and the website host is required to block the content

• Electronic Service Delivery Rules have stipulated the government will locate certain services such as applications, licenses and certificates for electronic delivery