Cyber security or information technology security are the techniques of protecting computers, networks, programs and data from unauthorised access or attacks that are aimed for exploitation of cyber-physical systems and critical information infrastructure.
Cyber security is a complex issue that cuts across multiple domains and calls for multi-dimensional, multilayered initiatives and responses. It has proved a challenge for governments because different domains are typically administered through silos of ministries and departments. The task is made all the more difficult by the rudimentary and diffused nature of the threats and the inability to frame an adequate response in the absence of tangible perpetrators.
The rise in the Internet uses has meant that while the threats and vulnerabilities inherent to the Internet and cyberspace might have remained more or less the same as before, the probability of disruption has grown apace with the rise in the number of users. While such disruptions are yet to cause permanent or grievous damage worldwide, they serve as a wake-up call to the authorities concerned to initiate measures to improve the security and stability of cyberspace in terms of their own security. Government’s push for Digital India programme makes cyber security, more important than ever. Social Media represents another facet of untamed universe of technology, which is constantly testing our conventional understanding of the nature of risks to national security.
Types of Cyber Threat
Cyber threats can be disaggregated, based on the perpetrators and their motives, into four baskets:
- Cyber crime
- Cyber terrorism
- Cyber warfare
- Cyber espionage
Cyber attackers use numerous vulnerabilities in cyberspace to commit these acts. They exploit the weaknesses in software and hardware design through the use of malware. Hacking is a common way of
piercing the defences of protected computer systems and interfering with their functioning. Identity theft is also common. The scope and nature of threats and vulnerabilities is multiplying with every passing day.
“The development of information and communications technologies and the increasing use of the Internet create new opportunities for offenders and facilitate the growth of crime.” —Salvador Declaration, UN
Cyber Crime is both asocial and economic phenomenon. The Convention on Cybercrime popularly known as the Budapest Convention is the first International Treaty seeking to address Internet and computer crime by harmonizing national laws, improving investigative techniques, and increasing cooperation among Nations.
Cyber crime is a crime that uses a computer as its primary means of commission and also includes any illegal activity that uses a computer for the storage of evidence.
Cyber crime is a crime with global dimension. To combat and prevent cyber crime, a legal framework for the criminalisation of cyber criminals is the need of the hour. Proper investigation and prosecution may result in an effective response to cyber crimes. In India, the Information Technology Act, 2000 and its corresponding Rules, mainly provides ways to deal with cyber crimes. It is interesting to note that the expression
‘cyber crime’ has not been defined by the Information Technology Act, 2000, which addresses cases related to cyber crime along with Indian Penal Code. However, the Act provides legal recognition for transactions carried out by means of electronic data interchange, and other means of electronic communication, commonly referred to as “electronic commerce”.
Cyber Terrorism, also known as electronic terrorism or information wars, can be defined as any act of Internet terrorism which includes deliberate and large-scale attacks and disruptions of computer networks using computer viruses, or physical attacks using malware, to attack individuals, governments and organizations. While cyber-crime is often motivated by economic gain, and hacking, or internet vandalism, cyber terrorism, often is done to satisfy the hacker’s ego, cyber terror is fuelled by an ideology.
The goal of terrorism is to create a feeling of terror in the minds of the victims. Likewise, Cyber terrorists operate with the goal of damage and destruction at the forefront of their activities. Cyber terrorism threatens us the most at the vulnerable points where our physical and virtual worlds converge. As more and more civilian and military infrastructure becomes computerized to various extents via the “Internet of Things,” the potential for cyber terror attacks greatly increases.
In Iran, the Stuxnet virus proved to the world that malware infections are able to disrupt the operations at their nuclear facilities. In Ukraine, cyber-attacks on their energy provider resulted in deliberate blackouts. Currently, cyber terror groups stand to gain more through financial cyber-crime rather than cyber terror. These financial gains, however, could be used to pay for larger cyber terror operations through the hiring of professional hackers with considerable experience.
The government has taken a number of measures to counter the use of cyberspace for terrorist-related activities, especially in the aftermath of the terrorist attack in Mumbai in November 2008. Parliament passed amendments to the IT Act, with added emphasis on cyber terrorism and cyber crime, with a number of amendments to existing sections and the addition of new sections, taking into account these threats.
Hacktivism is the act of hacking a website or computer network in an effort to convey a social or political message. The person who carries out the act of hacktivism is known as a hacktivist. In contrast to a malicious hacker who hacks a computer with the intent to steal private information or cause other harm, hacktivists engage in similar forms of disruptive activities to highlight political or social causes. For the hacktivist, hacktivism is an Internet enabled strategy to exercise civil disobedience. Acts of hacktivism may include website defacement, denial-of-service attacks (DoS), redirects, website parodies, information theft, virtual sabotage and virtual sit-ins.
Cyber warfare is any virtual conflict initiated as a politically motivated attack on an enemy’s computer and information systems. Waged via the Internet, these attacks disable financial and organizational systems by stealing or altering classified data to undermine networks, websites and services. Cyber warfare is also known as cyber war or Information Warfare. The cyber-attacks across the world have increased because:
- It is being considered as a legitimate mode of attrition between nations.
- With cyberspace all set to become the fifth dimension of warfare, countries around the world are busy preparing to face the threat of cyber war where attackers remain incognito.
- Anonymity is perhaps the biggest advantage associated with cyber-attack.
- A cyber weapon is an intellectual property (IP) which can be used in peace time and during war time. These weapons largely depend upon Zero Day exploits and vulnerabilities, and have limited shelf life.
These illegal exploitation methods are used to disable networks, software, computers or the Internet to steal or acquire classified information from rival institutions or individuals for military, political or financial gain. Instances of cyber espionage are becoming quite common, with regular reports of thousands of megabytes of data and intellectual property worth millions being exfiltrated from the websites and networks of both government and private enterprises.
- This has the most serious implications and includes Distributed Denial of Service (DDOS), destruction of data, and insertion of malware and logic bombs. It also encompasses actions in war such as those taken for preparation of the battlefield. Military and financial computer systems are at risk for the disruption of normal operations and equipment, such as communications, fuel, power and transportation infrastructures. As per a report by Indian Computer Emergency Response Team (CERT-ln), cyber incidents observed in India increased from 44,679 in 2014 to 53,081 in 2017.
Methods of Cyber Crime and Cyber Terrorism
Hacking is an attempt to exploit a computer system or a private network inside a computer. Simply put, it is the unauthorised access to or control over computer network security systems for some illicit purpose.
It is a malicious program where it replicates itself and aim to only destroy a computer. The ultimate goal of a virus is to ensure that the victim’s computer will never be able to operate properly or even at all.
Trojan is one of the most complicated threats among all. It has the ability to hide itself from antivirus detection and steal important banking data to compromise your bank account. If the Trojan is really powerful, it can take over your entire security system as well.
A computer worm is a type of malware that spreads copies of itself from computer to computer. A worm can replicate itself without any human interaction. For example, Stuxnet.
Denial of Service
Denial-of-Service (DoS) is an attack targeted at depriving legitimate users from online services. It is done by flooding the network or server with useless and invalid authentication requests which eventually brings the whole network down, resulting in no connectivity. As a result of this, users are prevented from using a service.
A fake website which is designed to look almost like the actual website is a form of phishing attack. The idea of this attack is to trick the user into entering their username and password into the fake login form which serves the purpose of stealing the identity of the victim.
Email Related Attacks
Crimes done using emails form the larger threat to cyber space. Spreading rumours, luring people with wrong information, issuing threats and posing defamatory messages, etc. are some types of email related attack.
Social Engineering Attacks
Tricking computer users into revealing computer security or private information, e.g. passwords, email
addresses, etc. by exploiting the natural tendency of a person to trust and/or by exploiting a person’s emotional response.
A whaling attack is a targeted attempt to steal sensitive information from a company such as financial information or personal details about employees, typically for malicious reasons. It is called “whaling” because of the size of the targets relative to those of typical phishing attacks, “whales” are carefully chosen because of their authority and access within the company.
Terrorists, fundamentalists, insurgents, rebels etc. use encryption to mask the data they want to store or communicate. It is not as easy task trying to decrypt the encrypted messages.
IP spoofing refers to connection hijacking through a fake Internet Protocol (IP) address. IP spoofing is the action of masking a computer IP address so that it looks like it is authentic. During this masking process, the fake IP address sends what appears to be a malevolent message coupled with an IP address that appears to be authentic and trusted.
Skimming is illegal copying of information, from the magnetic strips found on credit cards and debit cards. Card skimming is considered a more direct version of a phishing scam. Store clerks who skim cards may do so by having customers swipe their cards more than once, or by taking the card to another location within the store. Card skimming may also occur when a perpetrator rigs an ATM with a card skimmer. The end result of card skimming is unauthorized access to finances through the technique of illegal copying of debit and credit cards.
Ransomware is a form of malicious software that locks up the files on your computer, encrypts them, and demands that you pay to get your files back. The world has seen several major Ransomware attack in 2017, notable mention are Wanna Decryptor, or WannaCry, and Petya.
WannaCry is a form of ransomware that affects Microsoft’s Windows operating system. When a system is infected, a pop up window appears, prompting you to pay to recover all your files within three days, with a countdown timer on the left of the window. It adds that if you fail to pay within that time, the fee will be doubled, and if you don’t pay within seven days, you will lose the files forever. Payment is accepted only with Bitcoin.
It is a new Malware that can take over electronic devices and use them for Distributed Denial of Service (DDoS) attacks. It is capable of taking over electronic devices and turning them into bots (device taken over by malware) which can then be used for any purpose, including DDoS attacks which, with enough firepower, can cripple entire industries.
Popular Cyber-Attack Tools
|Malware which is designed to spy on the victim’s computer.
|It is something that is planted into your system and immediately informs you that you have hundreds of infections, which you actually don’t have, to trick you into purchasing a bogus anti-malware.
|It keeps a record of every keystroke you made on your keyboard.
|Is a form of threat where your computer will start popping out a lot of advertisement.
|It is a form of method where once a system is vulnerable to this method, attacker will be able to bypass all the regular authentication service.
|It is installed by a BotMaster to take control of all the computer bots via the Botnet infection.
|It is designed to drop into a computer and install something useful to the attacker such as Malware or Backdoor.
|It is just something used by most websites to store something into your computer.
|The act of stealing personal data, specifically calendar and contact information, from a Bluetooth enabled device.
|It will connect to your Bluetooth device and send some message to another Bluetooth device.
|To send millions of traffic to a single server to cause the system to down with certain security feature disable so that they can do their data stealing.
|Virus today can be spread through document file as well especially PDF documents.
|It will trap your web browser to a particular website only. If you try to type another website, it will automatically redirect you back.
|It is about infecting a website which is vulnerable to this attack. It will gain unauthorized access to the database and the attacker can retrieve all the valuable information stored in the database.
|Botnet is something which is installed by a BotMaster to take control of all the computer bots via the Botnet infection. The result of this threat is the victim’s computer, which is the bot, will be used for a large scale attack like DDoS.
|Crimeware is a form of Malware where it takes control of your computer to commit a computer crime. Instead of the hacker himself committing the crime, it plants a Trojan or whatever the Malware is called to order you to commit a crime instead.
Challenges to India’s Cyber Security
There is a need to prioritise and protect critical infrastructure. In India, the sectors of power, water supply, communications, transportation, defence and finance are vital constituents of national security. These need to be protected by taking suitable measures as laid down in the IT Act. Steps to guard against threats, i.e. destructive actions or cyber exploitation will constitute a basis for research on offensive action. The electric power system merits top priority. While the risk of an attack can be reduced, it would be unrealistic to assume that an attack can be prevented. This leads to the conclusion that containment, isolation, minimising the impact, backup systems and reactivation are areas of capacity building. As critical infrastructure spans both the public and private domains, the organisation to ensure its protection has to be in the public realm and, in a manner, accountable.
The vulnerabilities of critical infrastructures and their dependence on information infrastructure make them a soft and obvious target for states, as well as for terrorists, to disrupt critical services or functions disbursed by them. These types of attacks, which are increasing across the globe, have considerably altered the views of the policy making apparatus of all the members of the international community on how to secure and protect their population, information systems, critical infrastructure and the cyberspace as global commons, from any unforeseen attack manifesting in cyber or physical realm. Successful attacks on critical infrastructure can directly or indirectly inflict mass casualties or have grave economic implications, attracting significant public attention or discontent.
In the critical infrastructure in India, the Department of Electronics and Information Technology (Gol) had identified defence, finance, energy, transportation and telecommunications as the critical sectors. With the inception of a designated nodal agency—the National Critical Information Infrastructure Protection Centre (NCIIPC)—to protect the Cll of India, the sectors that were put under the auspices of the agency are power and energy (oil and gas, power, industrial control systems, etc.), banking, financial services and insurance , ICT, transportation (air, surface [rail and road] and water) and e-governance and strategic public enterprises. These sectors can be further subdivided into independent business or industrial functions. For example, in the case of transportation: aviation, shipping, road and rail are the primary constituents. Similarly, the subdivision of services, such a telecommunications has landline voice services, mobile voice service and broadband cable services. The Cll sectors in perspective and the sector-wise break up is given in.
|Power and Energy
|Information and Communications Technology
|Public Switched Telephone
|Banking, Financial Services and Insurance
|Reserve Bank of India
|e-Governance and Strategic Public Enterprises
Critical Information Infrastructure (Cll)
Critical Information Infrastructure generally refers to: Information and Communication Technology systems that are essential to the operations of national and international Critical Infrastructures. Some of the examples include:
- Telecommunication networks;
- Financial services; and
- Industrial Control Systems/SCADA (Supervisory,
Control and Data Acquisition) used to manage energy production and distribution, chemical manufacturing and refining processes.
Critical information infrastructure is communications or information service whose availability, reliability and resilience are essential to the functioning of a modern economy, security and other essential social values. The ClIs are needed to support the functioning of other critical infrastructures, ranging from power distribution to transportation and finance to governance.
Section 70 of the IT (Amendment) Act, 2008 (Ministry of Information Technology, Government of India) describes Cll as “the computer resource, the incapacitation or destruction of which, shall have debilitating impact on national security, economy, public health or safety.”
Cyber Security Measures
Information Technology Act, 2000
This Act aims to provide the legal infrastructure for e-commerce in India. The Information Technology Act, 2000 also aims to provide for the legal framework so that legal sanctity is accorded to all electronic records and other activities carried out by electronic means. The Act states that unless otherwise agreed, an acceptance of contract may be expressed by electronic means of communication and the same shall have legal validity and enforceability. The aims and objectives of the IT Act are as follows:
- To suitably amend existing laws in India to facilitate e-commerce.
- To provide legal recognition of electronic records and digital signatures.
- To provide legal recognition to the transactions carried out by means of Electronic Data Interchange (EDI) and other means of electronic communication.
- To facilitate e-governance and to encourage the use and acceptance of electronic records and digital signatures in government offices and agencies.
- To make consequential amendments in the Indian Penal Code, 1860 and the Indian Evidence Act, 1872 to provide for necessary changes in the various provisions which deal with offences relating to documents and paper based transactions.
- To amend the Reserve Bank of India Act, 1934 so as to facilitate electronic fund transfers between the financial institutions.
- To make law in tune with Model Law on Electronic Commerce adopted by the United Nations Commission onInternationalTrade Law (UNCITRAL).
- It outlines the Justice Dispensation Systems for cyber-crimes.
- It defines in a new section that cyber cafe is any facility from where the access to the internet is offered by any person in the ordinary course of business to the members of the public.
- It provides for the constitution of the Cyber Regulations Advisory Committee.
- It adds a provision to Section 81, which states that the provisions of the Act shall have overriding effect. The provision states that nothing contained in the Act shall restrict any person from exercising any right conferred under the Copyright Act, 1957.
Information Technology Amendment Act, 2008
Being the first legislation in the nation on technology, computers and e-commerce, the Act was the subject of extensive debates, elaborate reviews and detailed criticisms, with one arm of the industry criticizing some sections of the Act to be draconian and other stating it is too diluted and lenient. There were some conspicuous omissions too resulting in the investigators relying more and more on the time tested (one and half century-old) Indian Penal Code. Thus, the need for an amendment – a detailed one – was felt for the I.T. Act almost from the year 2003-04.
Major industry bodies were consulted and advisory groups were formed to go into the perceived lacunae in the I.T. Act and comparing it with similar legislations in other nations and to suggest recommendations. Such recommendations were analysed and subsequently taken up as a comprehensive Amendment Act and after considerable administrative procedures, the consolidated amendment called the Information Technology Amendment Act 2008 was enacted.
Some of the notable features of the ITAA are as follows:
- Focussing on data privacy
- Focussing on Information Security
- Defining cyber cafe
- Digital signature has been replaced with electronic signature to make it a more technology neutral
- Defining reasonable security practices to be followed by corporate.
- Redefining the role of intermediaries
- Recognising the role of Indian Computer Emergency Response Team
- Inclusion of some additional cyber-crimes like child pornography and cyber terrorism authorizing an Inspector to investigate cyber offences (as against the DSP earlier).
Penal provisions of IT Amendment Act 2008
|Tampering with computer source documents.
|Imprisonment up to 3 years or a fine of 2 lakh rupees, or both.
|Hacking & Breach of confidentiality of personal information as per sec. 43 & 43A
|Imprisonment up to 3 years or a fine up to 5 lakh rupees or both
|Sending offensive messages through communication service, etc.
|Imprisonment of 3 years & fine.
|Dishonestly receiving stolen resource or communication device.
|Imprisonment of 3 years & fine.
|66C & D
|Imprisonment up to 3 years & fine up to 1 lakh rupees.
|Violation of personal Privacy
|Imprisonment up to 3 years or fine not exceeding 2 lakh rupees or with both.
|Imprisonment for life.
|67, 67A & B
|Publishing or transmitting obscene material in electronic form/pornography/child pornography
|Imprisonment term up to 5/7 years and fine up to 10 lakh rupees.
|Failure to preserve and retain information by intermediaries
|Imprisonment for 3 years and fine.
Section 66(A) of IT Act
Section 66(A) of the Act criminalises the sending of offensive messages through a computer or other communication devices . Under this provision, any person who by means of a computer or communication device sends any information that is:
- Grossly offensive;
- False, meant for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will;
- Meant to deceive or mislead the recipient about the origin of such messages, etc, shall be punishable with imprisonment up to three years and with fine. Over the past few years, incidents related to comments, sharing of information, or thoughts expressed by an individual to a wider audience on the internet have attracted criminal penalties under Section 66(A). This has led to discussion and debate on the ambit of the Section and its applicability to such actions.
In the recent past, a few arrests were made under Section 66(A) on the basis of social media posts directed at notable personalities, including politicians. These were alleged to be offensive in nature. In November 2012, there were various reports of alleged misuse of the law, and the penalties imposed were said to be disproportionate to the offence. Thereafter, a Public Interest Litigation (PIL) was filed in the Supreme Court, challenging this provision on grounds of unconstitutionality. It was said to impinge upon the freedom of speech and expression guaranteed by Article 19(1)(a) of the Constitution
Supreme Court in February, 2015 had stated that the constitutional validity of the provision would be tested, in relation to the PIL before it. In March, 2015 Supreme Court struck down Section 66A of the Information Technology Act calling it unconstitutional. The Supreme Court ruled on down a “draconian” provision that had led to the arrests of many people for posting content deemed to be “allegedly objectionable” on the Internet.
Cyber Appellate Tribunal
Cyber Appellate Tribunal has been established under Section 48(1) of the Information Technology Act, 2000. It has the same powers as are vested in a civil court under the Code of Civil Procedure, 1908 and the tribunal is guided by the principles of natural justice. It is supposed to function as a specialised body that would redress cyber fraud cases. According to a report by the Comptroller and Auditor General of India released in 2016, the Cyber Appellate Tribunal has spent over t27 crore in salaries during the same period but without carrying out its primary function. The Government of India in 2017 merged The Cyber Appellate Tribunal with the Telecom Disputes Settlement and Appellate Tribunal.
Indian Computer Emergency Response Team (CERT-ln)
CERT-ln (the Indian Computer Emergency Response Team) is a government-mandated Information Technology (IT) security organization. The purpose of CERT-ln is to respond to computer security incidents, report on vulnerabilities and promote effective IT security practices throughout the country.
In the recent Information Technology Amendment Act 2008, CERT-ln has been designated to serve as the national agency to perform the following functions in the area of cyber security:
- Collection, analysis and dissemination of information on cyber incidents.
- Forecast and alerts of cyber security incidents
- Emergency measures for handling cyber security incidents
- Coordination of cyber incident response activities.
- Issue guidelines, advisories, vulnerability notes and white papers relating to information security practices, procedures, prevention, response and reporting of cyber incidents.
- Such other functions relating to cyber security as may be prescribed.
The Indian Computer Emergency Response Team (CERT-ln) has signed cooperation pacts with its counterparts in Malaysia, Singapore and Japan for cyber security in 2015 . The Memoranda of Understanding (MoUs) will promote closer cooperation for exchange of knowledge and experience in detection, resolution and prevention of security-related incidents between India and the three countries.
CERT-ln was created by the Indian Department of Information Technology in 2004 and operates under the auspices of that department. According to the provisions of the Information Technology Amendment Act 2008, CERT-ln is responsible for overseeing administration of the Act.
Cyber Security in Financial Sector (CERT-Fin)
The government is working to set up a financial Computer Emergency Response Team (CERT-Fin) to tackle a rise in cyber threats to India’s financial institutions. This will be the first sectoral CERT to be introduced in India. For this purpose a working group is set up.
The important recommendations of the Working Group can be summarized as follows:
- A nodal sectoral CERT i.e.; CERT-Fin to act as an umbrella CERT for the financial sector and report to CERT-ln at the national level in accordance with IT Act and Rules.
- Sub sectoral CERTs may be set up and housed in each of the financial sector Regulators and below those, in major financial institutions, feeding information on real time basis to the proposed CERT-Fin.
- To facilitate smooth functioning in coordination with CERT-ln, a MoU/legal arrangement in should be put in place between CERT-ln and CERT-Fin.
- Proposed CERT-Fin should seek to complement the overarching mandate of CERT-ln.
- CERT-Fin should be an independent body to be set up as a company under Section 8 of the Companies Act, 2013 with a Governing Board.
- An Advisory Board may be set up for, inter-alia, providing strategic direction, review of performance and recommendations for allocation of budget/ resources.
- CERT-Fin may do analysis of financial sector cyber incidents, understand the pattern and nuances across financial sectors and envisage basic functions for CERT-Fin.
- CERT-Fin should create awareness on security issues through dissemination of information on its website and operate 24×7 incidence responses FHelp Desk.
- CERT-Fin should offer policy suggestions for strengthening financial sector cyber security to all stakeholders including Regulators/Government.
- CERT-Fin should be sufficiently equipped with stateof-the-art infrastructure to cater to the requirements of cyber security in the financial sector.
- The proposed CERT-Fin may be equipped with best available talent with highly skilled professionals.
National Information Board (NIB)
- The National Information Board (NIB) is India’s top policy-making wing on cyber security headed by National Security Advisor. The NIB’s views are critical since national law enforcement agencies will be closely involved in implementing the telecom security policy with Department of Telecom.
National Crisis Management Committee(NCMC)
- National Crisis Management Committee (NCMC) is headed by Cabinet Secretary. Secretaries of all concerned Ministries/Departments as well as Organizations are members of the Committee. The NCMC gives direction to the Crisis Management Groups as deemed necessary. The NCMC gives directions to any Ministries/Departments/ Organizations for specific action needed for meeting the Crisis situation.
National Critical Information Infrastructure Protection Centre (NCIIPC)
National Critical Information Infrastructure Protection Centre (NCIIPC) is an organisation of the Government of India created under Sec 70A of the Information Technology Act, 2000 (amended 2008). It is designated as the National Nodal Agency in respect of Critical Information Infrastructure Protection.
“To take all necessary measures to facilitate protection of Critical Information Infrastructure (CM), from unauthorized access, modification, use, disclosure, disruption, incapacitation or distraction through coherent coordination, synergy and raising information security awareness among all stakeholders.”
Functions and Duties
- National nodal agency for all measures to protect nation’s critical information infrastructure.
- Protect and deliver advice that aims to reduce the vulnerabilities of critical information infrastructure, against cyber terrorism, cyber warfare and other threats.
- Identification of all critical information infrastructure elements for approval by the appropriate Government for notifying the same.
- Provide strategic leadership and coherence across Government to respond to cyber security threats against the identified critical information infrastructure.
- Coordinate, share, monitor, collect, analyse and forecast, national level threat to CM for policy guidance, expertise sharing and situational awareness for early warning or alerts.
- Assisting in the development of appropriate plans, adoption of standards, sharing of best practices and refinement of procurement processes in respect of protection of Critical Information Infrastructure.
- Evolving protection strategies, policies, vulnerability assessment and auditing methodologies and plans for their dissemination and implementation for protection of Critical Information Infrastructure.
- Undertaking research and development and allied activities, providing funding (including grants-inaid) for creating, collaborating and development of innovative future technology.
- Developing or organising training and awareness programs as also nurturing and development of audit and certification agencies for protection of Critical Information Infrastructure.
- Developing and executing national and international cooperation strategies for protection of Critical Information Infrastructure.
- Exchanging cyber incidents and other information relating to attacks and vulnerabilities with Indian Computer Emergency Response Team and other concerned organisations in the field.
- In the event of any threat to critical information infrastructure the National Critical Information Infrastructure Protection Centre may call for information and give directions to the critical sectors or persons serving or having a critical impact on Critical Information Infrastructure.
Cyber Swachhta Kendra
To combat cyber security violations and prevent their increase, Computer Emergency Response Team (CERT-in) in February 2017 launched ‘Cyber Swachhta Kendra’ (Botnet Cleaning and Malware Analysis Centre) a new desktop and mobile security solution for cyber security in India.
The centre is operated by CERT-in will detect botnet infections in India and prevent further infections by notifying, enable cleaning and securing systems of end-users. It functions to analyse BOTs/malware characteristics, provides information and enables citizens to remove BOTs/malware and to create awareness among citizens to secure their data, computers, mobile phones and devices such as home routers.
The Cyber Swachhta Kendra is a step in the direction of creating a secure cyber ecosystem in the country as envisaged under the National Cyber Security Policy in India. This centre operates in close coordination and collaboration with Internet Service Providers and Product/Antivirus. The centre strives to increase awareness of common users regarding botnet, malware infections and measures to be taken to prevent malware infections and secure their computers, systems and devices.
International Cooperation Initiatives
Information sharing and cooperation is an explicit strategy under the 2013 Policy. Consequently, as answer to the increasing international nature of cyber crime, the Indian government has entered into cyber security collaborations with countries such as the USA, European Union and Malaysia. The U.K. has agreed to assist in developing the proposed National Cyber Crime Coordination Centre in India.
The shared principles of the U.S.-India Cyber Relationship Framework provide for the recognition of the leading role for governments in cyber security matters relating to national security; a recognition of the importance of and a shared commitment to cooperate in capacity building in cyber security and cyber security research and development, and a desire to cooperate in strengthening the security and resilience of critical information infrastructure.
The areas of cooperation provide inter alia that both countries agree to share and implement cyber security best practices, share cyber threat information on a real-time basis, develop joint mechanisms to mitigate cyber threats, promote cooperation between law enforcement agencies and improve their capacity through joint training programs, encourage collaboration in the field of cyber security research, and Strengthening critical Internet infrastructure in India.