Information Security Environment in India

12/06/2020 0 By indiafreenotes

Information Technology Act, 2000

(i) The act regulates use of computers, computer systems, computer networks and also data and information in electronic format.

(ii) The act lists down among other things, following as offences:

  • Tampering with computer source documents.
  • Hacking with computer system
  • Act of cyber terrorism i.e. accessing a protected system with the intention of threatening the unity, integrity, sovereignty or security of country.
  • Cheating using computer resource etc.

Strategies under National Cyber Policy, 2013

  • Creating a secure cyber ecosystem.
  • Creating mechanisms for security threats and responses to the same through national systems and processes.
  • National Computer Emergency Response Team (CERT-in) functions as the nodal agency for coordination of all cyber security efforts, emergency responses, and crisis management.
  • Securing e-governance by implementing global best practices, and wider use of Public Key Infrastructure.
  • Protection and resilience of critical information infrastructure with the National Critical Information Infrastructure Protection Centre (NCIIPC) operating as the nodal agency.
  • NCIIPC has been created under Information Technology Act, 2000 to secure India’s critical information infrastructure. It is based in New Delhi.
  • Promoting cutting edge research and development of cyber security technology.
  • Human Resource Development through education and training programs to build capacity.

Challenges

  • Increased use of mobile technology and internet by people.
  • Proliferation of Internet of Things (IoT) and lack of proper security infrastructure in some devices.
  • Cyberspace has inherent vulnerabilities that cannot be removed.
  • Internet technology makes it relatively easy to misdirect attribution to other parties.
  • It is generally seen that attack technology outpaces defence technology.
  • Lack of awareness on Cyber security.
  • Lack of Cyber security specialists.
  • Increased use of cyberspace by terrorists.

Recent Steps taken by Government

  1. Cyber Surakshit Bharat Initiative

It was launched in 2018 with an aim to spread awareness about cybercrime and building capacity for safety measures for Chief Information Security Officers (CISOs) and frontline IT staff across all government departments.

  1. National Cyber security Coordination Centre (NCCC)

In 2017, the NCCC was developed. Its mandate is to scan internet traffic and communication metadata (which are little snippets of information hidden inside each communication) coming into the country to detect real-time cyber threats.

  1. Cyber Swachhta Kendra

In 2017, this platform was introduced for internet users to clean their computers and devices by wiping out viruses and malware.

  1. Security Education and Awareness Project (ISEA)

Training of 1.14 Lakh persons through 52 institutions under the Information Security Education and Awareness Project (ISEA) – a project to raise awareness and to provide research, education and training in the field of Information Security.

  1. International cooperation

Looking forward to becoming a secure cyber ecosystem, India has joined hands with several developed countries like the United States, Singapore, Japan, etc. These agreements will help India to challenge even more sophisticated cyber threats.

Way Forward

  • Real-time intelligence is required for preventing and containing cyber attacks.
  • Periodical ‘Backup of Data’ is a solution to ransomware.
  • Using Artificial Intelligence (AI) for predicting and accurately identifying attacks.
  • Using the knowledge gained from actual attacks that have already taken place in building effective and pragmatic defence.
  • Increased awareness about cyber threats for which digital literacy is required first.
  • India needs to secure its computing environment and IoT with current tools, patches, updates and best known methods in a timely manner.
  • The need of the hour for Indian government is to develop core skills in cyber security, data integrity and data security fields while also setting stringent cyber security standards to protect banks and financial institutions.