Cyber Laws to deal with Cybercrimes in India
With information technology being applied to trade and
commerce as well as to governance, cyberspace becomes a very vulnerable zone. At
the same time the issues of individual/personal privacy and other social and
cultural practices are at stake. Therefore, a systematic framework of cyber
laws is required to act as a facilitator.
Cyber Security is a process, technique or procedure to ensure
the information security goals. Cyber
security includes IT security, digital security, electronic security, systems
security, internet security etc.
The Global Cybersecurity Index,2017 by the International
Telecommunication Union, which measured the commitment of nations to
cybersecurity, ranked India 23 out of 165 nations.
India and Cyber Space
India’s vulnerability to cyberattacks is going to increase
exponentially with the development of infrastructure and programmes such as
Digital India, National Optical Fibre Network, eGovernance, eCommerce and
India’s dismal Performance in Cyber Security
Scorpene Submarine Data Leek Case is another
reminder of India’s need to re-look at its cyber security norms. As the leak could provide crucial
intelligence data to India’s strategic rivals, such as Pakistan or China.
The government claimed that the potential
ransomware attack had no serious impact on India, with only isolated incidents reported across the country while
cybersecurity experts claim that the malware
infected at least 48,000 computer systems
across various organisations in India. This raises doubts as to whether ransomware attacks
would even be properly understood and
reported in India.
Issues in Cyberspace
Data protection and protection of privacy of
individuals and corporate entities. Hackers are breaking into computer systems
without owner’s knowledge and consent.
While Digital India can bridge the rural- Urban
Divide but the legal framework for implementing the same is not in existence.
Entire framework of digital India is based on cyber security and cyber security
will play a major part in ensuring the success of Digital India.
frauds- Companies not complying with RBI guidelines of double
pornography- UNICEF in its report titled ‘State of the World’s Children 2017: Children in a Digital World’,
stated that “1 in every 3 internet users worldwide is a child and optimum
efforts should be made to ensure that children have access to safe online
content. And UNICEF has pointed out that there is need to make the digital
world safer for the children.
Financing- Terrorist groups are using cyber networks to formulate plans,
raise funds, spread propaganda etc.
Cyber-attacks lead to heavier losses like
operational disruptions, loss of sensitive information and designs, impact on
brand image etc.
Protection of copyright and other intellectual
International Cyber Laws
It is widely believed that the 2016 US
presidential election was an easy
target for Russian cyberespionage, which
tilted the balance in favour of Donald Trump.
A year later, the French presidential
election in April 2017 also saw a similar cyberattack, in which hackers attempted to sabotage the
election chances of the presidential candidate,
The Internet now has the potential
to affect the geopolitics of states as well
as their geo-economics.
The Snowden leak (2013) has brought into
focus the extent of the mass unwarranted cyber
surveillance by a single country
(USA). It has raised serious concerns
regarding the sovereignty and security of
nation states and the violation of basic human rights such as the right to privacy. Therefore, there is an immediate need to
have strong International Cyber laws to regulate such global threats.
The convention Came into force on 1st July 2004.
It is the first international treaty on cybercrimes.
Its main objective, set out in the preamble, is
to pursue a common criminal policy aimed at the protection of the society
against cybercrime, especially by adopting appropriate legislation and
fostering international co-operation.
Cyber Laws in India
Information Technology Act (IT Act), 2000.
The IT Act is an umbrella legislation that
primarily aims to regulate electronic commerce
as well as gradually promote a culture of e-govemance
It seeks to effectuate the 1997 United Nations
Commission on International Trade Law
(UNCITRAL) Model Law on E-Commerce and
refers to it in its preamble.
Information Technology (Amendment) Act, 2008.
IT ACT, 2000 was amended through Information
Technology (Amendment) Act, 2008.
The amendment widened the definition of Cyber
Security. Act added provisions to the existing Information Technology Act, 2000
to deal with new forms of cyber-crimes like publicizing sexually explicit
material in electronic form, video voyeurism, cyber terrorism, breach of
confidentiality and leakage of data by intermediary and ecommerce frauds.
The law seems to take a reasonable effort to tackle two areas of policy in need of
reform: cybersecurity and data privacy.
Critical evaluation Of IT Act 2000
IT Act 2000, is inadequate to deal with the current requirements,
it was amended last in 2008. Proliferation of social media, growth of
e-commerce and demonetisation, etc. which has spurred the growth in the digital
economy, so the IT act need to be reconsidered in the light of these
National Cyber Security Policy 2013
aims to ensure a secure and resilient cyberspace for citizens, businesses, and
To generate adequate trust & confidence in
IT systems and transactions in cyberspace and thereby enhance adoption of IT in
all sectors of the economy.
To establish a National and Sectoral level 24 x
7 mechanisms for obtaining strategic information regarding threats to ICT
Provisions for fiscal benefits to businesses/organisations
for adoption of standard security practices and processes.
It aims for the creation of a 5,00,000-person workforce (cyberwarriors) skilled in
within five years.
Need for effective Cyber Security Policy
In a cyberattack in May 2017, hackers
were able to swindle
about $170 million from the account of the Union
Bank of India.
Such incidents have raised
concerns about the nature and extent of
cyberattacks in India and the need for appropriate policy, legal, and security
International Cooperation in field of Cyber Security
Global Conference on Cyberspace (GCCS)
It was hosted in India in 2016.
This is a conference held biennially since 2011(London).
It is a platform where governments, private
sector and civil society gather to discuss and promote practical cooperation in
cyberspace, to enhance cyber capacity building, and to discuss norms for responsible
behaviour in cyberspace.
Cyber Security Cooperation between India and Israel
agreement envisages collaboration in the field of cyber security resilience, promoting
B2B cooperation in cyber security and facilitating industrial summits.
is also meant to develop, promote and expand cooperation in the field of Human
programmes, skill development in field of cyber security is a major focus.
Govt Efforts for ensuring effective Cyber Security Environment
Gulshan Rai Committee on Cybersecurity
Gulshan Rai committee, report on “Roadmap for Effectively Tackling Cyber
Crimes in the Country” few important recommendations are:
An Indian Cyber Crime Coordination Centre should
be established, and which should be linked to NATGRID and CCTNS (Crime and
Criminal Tracking Network System)
Along with one dedicated secure gateway for all
Government’s dependence on foreign servers
should be reduced.
To suit the current requirements and prosecute the
cybercrimes the Evidence act should be amended.
BN Srikrishna Committee for data protection framework
A committee to identify “key data protection
issues” and recommend a framework for data protection law in the country.
Indian Computer Emergency Response Team
(CERT-In) is a government mandated nodal agency for information technology (IT)
It was established in 2004 under the aegis of
Department of Information Technology, Ministry of Electronics and IT.
has set up first NIC-CERT centre to prevent, predict cyber-attacks.
an initiative by the Ministry of Information Technology under Digital India to
enhance the security posture of NIC and the government.
Cyber Swachhta Kendra launched in New Delhi
The Ministry of Electronics & Information Technology
(MeitY) launched Cyber Swachhta Kendra a new desktop and mobile security
solution for a secure cyberspace in the country. The centre is operated by the
Indian Computer Emergency Response Team (CERT-In).
The Cyber Swachhta Kendra is part of the government of
India’s Digital India.Three cyber protection tools were also launched.
Pratirodh: It is a desktop security solution to protect from USB mass
storage device threats.
It is an indigenously developed mobile application to address the security
threats in mobiles
samvid: It aims to protect systems by preventing threats from malicious
applications and allowing installation through white listing.
Indian Cyber Crime Coordination Center (I4C)
Central Government has established Indian
Cyber Crime Coordination Center (I4C) at National Level to deal with all
types of cyber-crime.
It will act a nodal point in fight against
Cyber Crime also as Early Warning System for Law Enforcement Agencies.
It will also set up a platform for victims to
lodge Cyber Crime complaints.
I4C can be used to investigate the cases of
Cyber-Crime including Child Pornography and Online Abuse.
Challenges in Cyber Security
Low level of awareness- A number of cyber security
incidents go unidentified and unreported.
The cyber infrastructure for adequate
point-of-sale (POS) machines is still massively below requirement.
Scarcity of trained manpower to counter
and investigate cyber-attacks.
Absence of any geographical barriers for cybercrime
makes it difficult to locate the attackers.
Technology in field of cyberspace is rapidly
evolving which further pose challenges on the Security architecture.
Lack of coordination: There are many counter cyber-attack agencies without
effective coordination and information sharing.
Suggestion for improving Cyber Security infrastructure and to ensure
protection from such threats
Cyber education should start at school level to keep children well informed, engaged and
Delhi High Court has ordered the internet
companies to appoint the grievance officers, if this is done properly it will
help the enforcement Agencies too in implementing the law.
One misconceptions about cyber-attacks is that
they restricted to the financial services and banking sector. Cybersecurity
needs to be integrated in every aspect of policy and planning.
To face the challenges due to Cyber threats or
social Media, the present capabilities of specialized organization like Indian
Computer Emergency Response Team (CERT-IN), Centre for Development of Advanced
Computing (C-DAC) need to be strengthened.
A ‘Cyber Wing’ in each the four divisions of the
National Cadet Corps (NCC) of India can be established to train the students
related to cyber security threats.
While drafting cyber laws, there should be a
mechanism to take inputs from the industry. Because the responsibility of
securing the cyberspace where one is operating, lies not only with countries at
large, but also with individuals and enterprises.
Governments, private sector, children’s
organizations and families should take Collective action for making digital
world safer and accessible for children.
Govt need to ensure that cyber protection
becomes an attractive and viable career option for the youth.
We should learn from international examples as European
Union and United States have very strict cyber laws and they have imposed heavy penalties against the defaulting companies
in the past.