Description
Copyright infringement is not intended
Context: Cyber crimes have gone up by almost 500% in India during the global pandemic
- With data gradually transcending into the open domain with numerous firms permitting employees to work from their homes amid the pandemic, sensitive information has become susceptible to security vulnerabilities.
- The rise of digital payments has also increased complex cyber crimes.
Why India needs a robust cybersecurity strategy?
- Demonetisation and Covid-19 have pushed indians to adopt digitisation. Work from home is now accepted as a new normal.
- India’s digital growth will not be sustainable if we do not have a strong shield in the form of data protection laws and privacy policies.
- To address the issue of protecting critical information infrastructure in cyberspace, build integrated capabilities to prevent and respond to cyber threat.
- India has one of the highest number of internet users in the world and is also among the top-10 countries facing cyberattacks.
- To address the current gaps in governance and to provide a strong framework to handle issues related to cybersecurity.
- There is no centralised command to have oversight and coordinate efforts to handle larger cybersecurity issues.
- To protect domestic interest: The discovery of potential North Korean malware at both the Kudankulam Nuclear Power Plant and the Indian Space Research Organisation (ISRO) last year, and recent revelations of a Chinese firm tracking Indians’ personal data highlight just how vulnerable Indian cyberspace can be.
Suggestions:
Unified cybersecurity framework:
- Dedicated authority: Currently National Cyber Security Coordinator (NCSC) and Indian Computer Emergency Response Team (CERT-In) are handling cybersecurity issues in India. There is an urgent need of having a comprehensive and unified government institution for creating a cyber defence network
- Unified inter-regulator: Currently, RBI, SEBI, IRDAI, TRAI, PFRDA, etc, have different cybersecurity framework for their regulated entities. However, none of the frameworks talk about inter-regulator coordination or integrated approach to handle cybercrime.
- A holistic cybersecurity strategy with a possible amendment in the IT Act, as some of its provisions have become redundant and can’t address issues arising from the evolving threats.
- Cyber Defence Agency: Government needs to consider creating a Cyber Defence Agency, which is to be entrusted with the responsibility to implement the cyber defence strategy solely for national security.
- Constitution of cyber commando force as a part of the defence program to neutralise any cross-border cyber terrorism or cyber-attack.
- Create specialised cyber police cadres in all State police departments.
- Sectorial CERT and state-level CERT would be more effective for rapid response on any cyber-attack. The state-level CERT team will need to ensure speedier incident response and coordination with national agencies.
- Building a business ecosystem to leverage artificial intelligence and robotics to improve cyber defence.
- Pass the proposed Data Protection Bill to protect critical information like personal data, business information, and financial information.
Conclusion:
- It is high time that we consider amendment of the existing IT Act, 2000, which is not fully synced with today’s cyber threat.
- In addition to the IT Act, it’s already delayed but high time to introduce data privacy laws.
https://www.thehindu.com/news/national/cybercrime-went-up-by-500-per-cent-during-pandemic-chief-of-defence-staff/article37457504.ece?homepage=true
