CYBER and Cooperation Act – H.R.4962″ and “Protecting Cyberspace

CYBER SECURITY AROUND THE WORLD: Germany Berlin starts National Cyber Defense Initiative: On June 16, 2011, the German Minister for Home Affairs, officially opened the new German NCAZ (National Center for Cyber Defense) Nationales CyberAbwehrzentrum located in Bonn. The NCAZ closely cooperates with BSI (Federal Office for Information Security) Bundesamt für Sicherheit in der Informationstechnik, BKA (Federal Police Organisation) Bundeskriminalamt (Deutschland), BND (Federal Intelligence Service) Bundesnachrichtendienst, MAD (Military Intelligence Service) Amt für den Militärischen Abschirmdienst and other national organisations in Germany taking care of national security aspects. According to the Minister the primary task of the new organisation founded on February 23, 2011, is to detect and prevent attacks against the national infrastructure and mentioned incidents like Stuxnet. India Some provisions for cybersecurity have been incorporated into rules framed under the Information Technology Act 2000.The National Cyber Security Policy 2013 is a policy framework by Ministry of Electronics and Information Technology (MeitY) which aims to protect the public and private infrastructure from cyber attacks, and safeguard “information, such as personal information (of web users), financial and banking information and sovereign data”. The Indian Companies Act 2013 has also introduced cyber law and cyber security obligations on the part of Indian directors. South Korea Following cyberattacks in the first half of 2013, when government, news-media, television station, and bank websites were compromised, the national government committed to the training of 5,000 new cybersecurity experts by 2017. The South Korean government blamed its northern counterpart for these attacks, as well as incidents that occurred in 2009, 2011, and 2012, but Pyongyang denies the accusations. United States The 1986 18 U.S.C. 1030, more commonly known as the Computer Fraud and Abuse Act is the key legislation. It prohibits unauthorized access or damage of “protected computers” as defined in 18 U.S.C. 1030. Although various other measures have been proposed, such as the “Cybersecurity Act of 2010 – S. 773” in 2009, the “International Cybercrime Reporting and Cooperation Act – H.R.4962” and “Protecting Cyberspace as a National Asset Act of 2010 – S.3480” in 2010 – none of these has succeeded. Executive order 13636 Improving Critical Infrastructure Cybersecurity was signed February 12, 2013. WORLD INTERNET USAGE AND POPULATION STATISTICS: World Regions Population ( 2017 ) Population % of World Internet Users 30 June 2017 Growth 2000-2017 Africa 1,246,504,865 16.6 % 388,376,491 8,503.1% Asia 4,148,177,672 55.2 % 1,938,075,631 1,595.5% Europe 822,710,362 10.9 % 659,634,487 527.6% Latin America / Caribbean 647,604,645 8.6 % 404,269,163 2,137.4% Middle East 250,327,574 3.3 % 146,972,123 4,374.3% North America 363,224,006 4.8 % 320,059,368 196.1% Australia 40,479,846 0.5 % 28,180,356 269.8% WORLD TOTAL 7,519,028,970 100.0 % 3,885,567,619 976.4% Table 2: World Internet usage and Population Statistics Source: Internet World Stats 4. CYBER SECURITY INITIATIVES BY THE GOVERNMENT OF INDIA: The number of cyber security incidents has gradually increased in India over the last few years. As per the information collected by India’s Computer Emergency Response Team (CERT-in), 44,679, 49,455 and 50,362 cyber security incidents took place in India during the years 2014, 2015 and 2016, respectively. These incidents include phishing, website intrusions and defacements, virus and denial of service attacks amongst others.   As per the ‘2016 Cost of Data Breach Study: India’ the average total cost of a data breach paid by Indian companies increased by 9.5 percent, while the per capita cost increased by 8.7 percent and the average size of a breach grew by 8.1 percent.  Although, the government has taken certain cyber security initiatives as discussed below, more expansive and aggressive measures are required to meet the rising challenges. a) National Cyber Security Policy The Government of India took the first formalized step towards cyber security in 2013; vide the Ministry of Communication and Information Technology, Department of Electronics and Information Technology’s National Cyber Security Policy, 2013.  National Cyber Security Policy is a policy framework by Department of Electronics and Information Technology (DeitY). It aims at protecting the public and private infrastructure from cyber attacks. The policy also intends to safeguard “information, such as personal information (of web users), financial and banking information and sovereign data”. This was particularly relevant in the wake of US National Security Agency (NSA) leaks that suggested the US government agencies are spying on Indian users, who have no legal or technical safeguards against it. The objectives of the policy includes creating round the clock mechanisms for gathering intelligence and effective response, operation of a National Critical Information Infrastructure Protection Centre for 24×7 protection of critical information infrastructure, research and development for security technologies, create a 500,000 strong cyber security workforce, to provide fiscal benefits to businesses for adopting cyber security practices, to build public private partnerships for cooperative cyber security efforts. b) Cyber Swachhta Kendra’ (Botnet Cleaning and Malware Analysis Centre): To combat cyber security violations and prevent their increase, Government of India’s Computer Emergency Response Team (CERT-in) in February 2017 launched ‘Cyber Swachhta Kendra’ (Botnet Cleaning and Malware Analysis Centre) a new desktop and mobile security solution for cyber security in India. The centre is operated by CERT-in under Section 70B of the Information Technology Act, 2000. The solution, which is a part of the Ministry of Electronics and Information Technology’s Digital India initiative, will detect botnet infections in India and prevent further infections by notifying, enable cleaning and securing systems of end-users. It functions to analyze BOTs/malware characteristics, provides information and enables citizens to remove BOTs/malwar and to create awareness among citizens to secure their data, computers, mobile phones and devices such as home routers. The Cyber Swachhta Kendra is a step in the direction of creating a secure cyber ecosystem in the country as envisaged under the National Cyber Security Policy in India. This centre operates in close coordination and collaboration with Internet Service Providers and Product/Antivirus companies to notify the end users regarding infection of their system and providing them assistance to clean their systems, as well as industry and academia to detect bot infected systems. The center strives to increase awareness of common users regarding botnet, malware infections and measures to be taken to prevent malware infections and secure their computers, systems and devices. c) Collaboration with industry partners: Development of Public Private Partnerships is an important strategy under the National Cyber Security Policy 2013. To combat the ever-evolving techniques of cyber intrusions, the government also recognises the need for working in collaboration with industry partners. Consequently, Cisco and Ministry of Electronics and Information Technology’s Indian Computer Emergency Response Team (CERT-In) have signed a Memorandum of Understanding (MoU) whereby a threat intelligence-sharing programme will be established, wherein personnel from Cisco and CERT-In will work collectively to tackle digital threats and develop and incorporate new ways to improve cybersecurity. d) International Cooperation Initiatives: Information sharing and cooperation is an explicit strategy under the 2013 Policy. The Indian government has entered into cyber security collaborations with countries such as the USA, European Union and Malaysia. The U.K. has agreed to assist in developing the proposed National Cyber Crime Coordination Centre in India. The shared principles of the U.S.-India Cyber Relationship Framework provide for the recognition of the leading role for governments in cyber security matters relating to national security; a recognition of the importance of and a shared commitment to cooperate in capacity building in cyber security and cyber security research and development, and A desire to cooperate in strengthening the security and resilience of critical information infrastructure.   V. RECOMMENDATIONS: Some suggestions or recommendations are given below: v  Need to sensitize the common citizen about a danger of cyber terrorism. v  Join efforts by all Govt. agencies including defense forces to attract qualified, skilled personal for implementation of counter measures v  More investment in this field v  Government law and IT act need to be rectified v  Need to have more international collaboration in the field of cyber security and favours handling issue of cyber terrorism in cooperation with other countries v  Fund and encourage research and Ph.Ds in the area of cyber security  VI. CONCLUSION: Cybersecurity is a complex subject, whose understanding requires knowledge and expertise from multiple disciplines, including but not limited to computer science and information technology, psychology, eco nomics, organizational behavior, political science, engineering, sociology, decision sciences, international relations, and law. A common vision is required to ensure cyber security and prevent cyber crimes. The time has come to prioritize cyber security in India’s counter terrorism strategy. Given the rapid transformation of the cyber landscape since 2013, as well as the need for a more comprehensive framework for the operationalization of the vision of cyber security policy as laid out by the government, India needs to update its cyber security policy.               VII. REFERENCES: 1. http://www.insightsonindia.com/2017/11/23/insights-mindmaps-cyber-security-india-bots todays-world/ 2. https://en.wikipedia.org/wiki/National_Cyber_Security_Policy_2013 3. http://www.cyberswachhtakendra.gov.in/about.html 4. https://factly.in/cyber-crimes-in-india-which-state-tops-the-chart/ 5. Cisco India unveils three cyber security initiatives, The Week, 22 December 2016, http://www.theweek.in/news/sci-tech/cisco-india-unveils-three-cyber-security-initiatives.html 6. FACT SHEET: Framework for the U.S.-India Cyber Relationship, The White House, Office of the Press Secretary, https://obamawhitehouse.archives.gov/the-press-office/2016/06/07/fact-sheet-framework-us-india-cyber-relationship 7. https://economictimes.indiatimes.com/tech/internet/how-india-inc-is-losing-its-cybersecurity-war/articleshow/61074845.cms 8. http://www.livemint.com/Opinion/ORfRrY3ecTFGlKOsJlrqAJ/Digital-India-needs-a-cybersecurity-reboot.html