Cyber Security and Related Issues: Comprehensive

Coverage
insightsonindia.com/2014/11/25/cyber-security-related-issues-comprehensive-coverage/

November 25,
2014

Structure

Introduction
Types of Security Threats
Conventional cyber crimes
Cyber warfare and its examples
Cyber terrorism
Cyber terror: Some Example
Why we need to regulate Cyber space
Tool to protect against Cyber Threats
Cyber Laws in India
Ongoing efforts in India
Stakeholder Agencies in India
Intergovernmental organizations and Initiatives
Conclusion

Introduction
1/21
Cyberspace is such a term, which is not yet completely defined and also has no
geographical limitation. It is a term associated with application of the Internet worldwide.
It is also called as a virtual space as physical existence of cyberspace is not detectable at
all. Cyberspace is “the total interconnectedness of human beings through computers
and telecommunication without regard to physical geography.”

Information through computers is transferred in the form of Ones (1) and Zeros (0),
which do not inherently carry any separate information along with them for
authentication. For authentication purposes, additional information needs to be carried
with cyberspace transactions for identity purposes.

Providing extra information in digital communication introduces the possibility for

identity theft. Because nothing prevents the transmission of false identity information, or
the duplication of another’s identity information.

The seriousness of this problem is highlighted when you consider that future
technologies will allow extremely important identifiers, such as a retinal scan or a
fingerprint, to be represented digitally. These biometrics characteristics are protected in
real space because they are embedded in the physical body of the person. This is lost in
cyberspace. Thus, cyberspace needs a system that allows individuals to verify their
identities to others without revealing to them the digital representation of their
identities.

Types of Security threats

Cybercrimes consist of specific crimes dealing with computers and networks, such as
hacking, phishing and the facilitation of traditional crime through the use of computers
(child pornography, hate crimes, telemarketing/internet fraud). A brief introduction to
some common cyber related violations, or cybercrimes as they are more commonly
referred to are discussed below:

Hacking

Hacking in simple terms means an illegal intrusion into a computer system and/or
network. There is an equivalent term to hacking i.e. cracking, but from Indian legal
perspective there is no difference between the term hacking and cracking. Every act
committed towards breaking into a computer and/or network is hacking. Hackers write
or use ready-made computer programs to attack the target computer.

Child Pornography

The Internet is extensively used for sexual abuse of children. As more homes have
access to internet, more children are accessing it and this enhances their vulnerability of
falling victims to the aggression of paedophiles. Paedophiles (a person who is sexually
attracted to children) lure the children by distributing pornographic material and then
pursue them for sexual exploitation. Sometimes paedophiles contact children in chat

2/21
rooms posing as teenagers or a children of similar age, they win the confidence of these
children, then induce them into sexually provocative discussions. Then begins the actual
exploitation of children.

Cyber Stalking

This term is used to refer to the use of the internet, e-mail, or other electronic
communications devices to stalk another person. Cyber stalking can be defined as the
repeated acts of harassment or threatening behaviour of the cyber-criminal towards the
victim by using internet services.

Denial of Service

This is a technology driven cyber intrusion, where by the influencer floods the bandwidth
or blocks the user’s mails with spam mails depriving the user, access to the Internet and
the services provided therefrom. A DoS Attack (as it is commonly known) can be
perpetrated in a number of ways.

Dissemination of Malicious
Software (Malware)

Malware is defined as a software

designed to perform an unwanted
illegal act via the computer network.
It could be also defined as software
with malicious intent. Malware can
be classified based on how they get
executed, how they spread, and/or
what they do. Some of them are
discussed below.

a) Virus

A virus is a program that can infect

other programs by modifying them to include a possible evolved copy of itself. A virus
can spread throughout a computer or network using the authorization of every user
using it to infect their program. Every program so infected may also act as a virus and
thus the infection grows. Viruses normally affect program files, but in some cases they
also affect data files disrupting the use of data and destroying them completely.

b) Worms

Worms are also disseminated through computer networks, unlike viruses, computer
worms are malicious programs that copy themselves from system to system, rather than
infiltrating legitimate files. For example, a mass mailing e-mail worm is a worm that
3/21
sends copies of itself via e-mail. A network worm, on the other hand makes copies of
itself throughout a network, thus
disrupting an entire network.

c) Trojans

Trojan is another form of Malware,

trojans do things other than what is
expected by the user. Trojan or
trojan horse is a program that
generally impairs the security of a
system. Trojans are used to create
back-doors (a program that allows
outside access into a secure
network) on computers belonging to
a secure network so that a hacker
can have access to the secure
network.

Unlike viruses, Trojan horses do not replicate themselves but they can be just as
destructive. One of the most insidious types of Trojan horse is a program that claims to
rid your computer of viruses but instead introduces viruses onto your computer.

d) Hoax

Hoax is an e-mail that warns the user of a certain system that is harming the computer.
The message thereafter instructs the user to run a procedure (most often in the form of
a download) to correct the harming system. When this program is run, it invades the
system and deletes an important file.

e) Spyware

Spyware invades a computer and, as its name implies, monitors a user’s activities without
consent. Spywares are usually forwarded through unsuspecting e-mails with bonafide e-
mail i.ds. Spyware continues to infect millions of computers globally.

Phishing

Phishers lure users to a phony web site, usually by sending them an authentic appearing
e-mail. Once at the fake site, users are tricked into divulging a variety of private
information, such as passwords and account numbers

Data Related

Data interception –Hijacking e-mails, interference of an intermediary in the network,

may be a prelude to another type of computer crime, typically data modification.

4/21
Data diddling: –Usually done in conjunction with data interception, valid data intended
for a recipient is hijacked or intercepted and then is replaced with an erroneous one.
This could also apply to illegal tapping into database and altering its contents. Basically,
any form of alteration without appropriate authorization falls under this category.

Data theft -outright stealing of most commonly classified or proprietary information

without authorization. This could be the result of data interception. It might also be the
unlawful use or possession of copyrighted works such as songs, pictures, movies or
other works of art.

Network Related

Network interference -any activity that causes the operation of a computer network to
be temporarily disrupted. Interference implies something momentarily such as Denial of
Service Attacks that causes delays in data transmission by using up all available
bandwidth. Distributed denial of service, ping of death and smurf attacks also fall under
this category.

Data Security Network sabotage – causing permanent damage to a computer network

such as deleting files or records from storage.

Conventional cyber crimes

Cyber Defamation

Defamation comprises of both libel (defamation by means of writing) and slander

(defamation by speaking). After the popularity of the printing press, one witnessed the
increase in libel. With the advent of information technology and the Internet, libel has
become much more common and of course, easier.

5/21
In simple words, it implies defamation by anything which can be read, seen or heard with
the help of computers/technology. Since the Internet has been described as having some
or all of the characteristics of a newspaper, a television station, a magazine, a telephone
system, an electronic library and a publishing house, there are certain noticeable
differences between online and offline attempt of defamation which makes the online
defamation more vigorous and effective.

Corporate Cyber Smear

Harmful and defamatory online message has been termed as corporate cyber smear. It
is a false and disparaging rumour about a company, its management or its stock that is
posted on the Internet. This kind of criminal activity has been a concern especially in
stock market and financial sectors where knowledge and information are the key factors
for businessmen.

Digital Forgery

Forgery is creation of a document which one knows is not genuine and yet projects the
same as if it is genuine. Digital forgery implies making use of digital technology to forge a
document. Desktop publishing systems, colour laser and ink-jet printers, colour copiers,
and image scanners enable crooks to make fakes, with relative ease, of cheques,
currency, passports, visas, birth certificates, ID cards, etc.

Online Gambling

Gambling is in many countries illegal. Computer is a medium for the purposes of online
gambling. The act of gambling is categorised as an offence in some countries and has a
legal sanctity in others. The main concern with online gambling is that most virtual
casinos are based offshore making them difficult to regulate.

It is in this situation that the Internet helps the gamblers to evade the law. Anyone with
access to a personal computer and an Internet connection can purchase lottery tickets or
visit gambling sites anywhere in the world. The world of online gambling, due to its
anonymity, unfortunately has many other hazards like danger of illegal use of credit card
or illegal access to bank account.

Online sale of illegal articles

There are certain articles like drugs, guns, pirated software or music that might not be
permitted to be sold under the law of a particular country. However, those who would
want to sell such articles find Internet a safe zone to open up online shops. There are
specific concerns with regard to increase in online sale of drugs.

The sale of illegal articles on the Internet is also one of those computer crimes where the
computer is merely a tool to commit the crime

E-mail spamming/ e-mail bombing

6/21
Spam refers to sending of unsolicited messages in bulk. Technically, it overflows the
limited-sized memory by excessively large input data. In relation to e-mail accounts, it
means bombing an e-mail account with a large number of messages maybe the same or
different messages

Spam is an unsolicited message requiring one’s time and effort to get rid off. A regular
supply of such spam messages would naturally result in considerable annoyance. It
would also directly hamper the interest of the user in his electronic mailbox where he
does not expect any interference and encroachment. The result, apart from loss of
Internet working hours and thwarting one’s regular e-mail stream, could be one of
mental agony and distress.

Cyber Warfare and its example

Cyber warfare is Internet-based conflict involving politically motivated attacks on

information and information systems. Cyber warfare attacks can disable official websites
and networks, disrupt or disable essential services, steal or alter classified data, and
cripple financial systems.

In 2010, Stuxnet, which was designed to attack industrial programmable logic

controllers was directed against the Iranian nuclear programme. Since the discovery of
the Stuxnet malware, other “cyber weapons” have made their appearance.

The Duqu worm was discovered in September 2011, followed in quick succession by the
Mahdi, Gauss and Flame malware. Flame, Duqu and Gauss shared similar digital DNA
with Stuxnet with primary purpose seemed to be espionage (spying), with their targets
ranging from banking to governmental to energy networks.

7/21
Flame’s capabilities ranged from recording Skype conversations and downloading
information from smart phones to more mundane activities such as recording audio,
screenshots, keystroke and network traffic recording.

The Mahdi Trojan

seemed to have spread via phishing emails even though its purpose was also apparently
espionage. Infections were reported from Iran, Israel, Afghanistan, the United Arab
Emirates, Saudi Arabia, Syria, Lebanon and Egypt.

Wiper, a new virus

was reported in April 2012 that was much more malicious, and wiped off the data on all
computers that it infected. This virus largely affected networks in Iran.

The Shamoon virus

is reported to have wiped off the data from 30,000 computers of the Saudi Arabian State
oil company, Aramco, followed a week later by a similar episode on the networks of the
second largest LNG company in the world, Ras Gas of Qatar.

In what has become the norm for such cyber-attacks, despite intense investigations by
anti-virus companies, the origins of the malware have remained largely in the realm of
speculation and inference.

While ownership of the Stuxnet (and by inference, its cousins Duqu, Flame and Gauss)
malware was claimed by the Obama Administration for electoral purposes, the Shamoon
virus is speculated to be a reverse-engineered version of the Wipe virus unleashed by

8/21
hackers loyal to the Iranian regime. Tit-for-tat attacks look set to become the norm as the
countries of the region secure up their cyber space.

In another incidence, it was reported that the Chinese Intelligence Agencies may have
planted Malware in Computers and broken into the Headquarters of 33 Corps, Indian
Army formation looking after most of the North-Eastern border with China. The Cyber
Intrusion also planted a Trojan Horse to give Chinese Agencies remote access to the
computer network at the 33 Corps Headquarters in Sukhna, near Siliguri, West Bengal.

Cyber war would not actually be war because there aren’t loss of human lives, but
analyzing these incidents and the continuous discoveries of malicious state-sponsored
malware, it is possible to understand the great activities in cyberspace and related
unpredictable repercussions on civil and military infrastructures.

Cyber Terrorism
‘Cyber terrorism is the convergence of terrorism and cyber space. It is generally
understood to mean unlawful attacks and threats of attacks against computers,
networks, and information stored therein when done to intimidate or coerce a
government or its people in furtherance of political or social objectives.

Further, to qualify as cyber terrorism, an attack should result in violence against persons
or property or at least cause enough harm to generate fear. Attacks that lead to death or
bodily injury, explosions, plane crashes, water contamination or severe economic loss
would be examples. Serious attacks against critical infrastructures could be acts of cyber
terrorism depending upon their impact. Attacks that disrupt nonessential services or
that are mainly a costly nuisance would not.

Cyber-terrorism can also be understood as “the use of computer network tools to shut
down critical national infrastructures (such as energy, transportation, government
operations) or to coerce or intimidate a government or civilian population.” A hostile
nation or group could exploit these vulnerabilities to penetrate a poorly secured
computer network and disrupt or even shut down critical functions.

Cyber terror: Some examples

Middle East Tension Sparks Cyber Attacks

With the Middle East Conflict at a very heated moment between bordering countries Pro-
Palestinian and Pro-Israel Cyber Groups have been launching an offensive against
websites and mail services used by the political sectors the opposing groups show
support for. The attacks had been reported by the NIPC (National Infrastructure
Protection Center) in October of 2000 to U.S. Officials. The attacks were a volley of email
floods, DoS attacks, and ping flooding of such sites as the Israel Foreign Ministry, Israeli
Defense Forces, and in reverse, sites that belonged to groups such as Hamas and
Hezbollah.
9/21
Pakistan/India Conflict

As tensions between the neighboring regions of India and Pakistan over Kashmir grew
over time, Pro-Pakistan cyber-terrorists and recruited hackers began to target India’s
Internet Community. Just prior to and after the September 11 attacks, it is believed that
the sympathizers of Pakistan (which also included members of the Al Qaeda
Organization) began their spread of propaganda and attacks against Indian Internet
based communities. Groups such as G-Force and Doctor Nuker have defaced or
disrupted service to several major entities in India such as the Zee TV Network, The India
Institue of Science and the Bhabha Atomic Research Center which all have political ties.

Retaliation in China

In May 1999 the accidental bombing of a Chinese embassy in Yugoslavia by U.S.

Bombers, led to a massive web site defacement and e-mail bombardment attack on
American companies and agencies. Pro-Chinese hackers and political groups executed
the attacks to gain sympathy for the Chinese cause.

US Government sites such as the U.S. Departments of Energy and the Interior, and the
National Park Service were all hit and had web sites defaced along with the White House
web site. The site was downed for three days by continual e-mail bombing. Although the
attack was rather random and brief and affected a small number of U.S. sites, the effects
could have been worse.

Tamil Tiger Attempt

10/21
In 1998, with surges of violence committed in Sri Lankan over several years, attacks in
cyber-space were the next area to target. The group known as the Tamil Tigers, a violent
guerrilla organization, bombarded Sri Lankan embassies with over 800 e-mails a day.
This was carried out over a two week period. The attacked the e-mail message conveyed
the message, “We are the Internet Black Tigers and we’re doing this to disrupt your
communications.” After the messages created such major disruption the local
Intelligence authorities were dispatched to investigate. The authorities declared the
attack as the first known attack on the Sri Lankan by the terrorists on any computer
system in the nation.

ISIS
Recent activities of ISIS in Middle East and series of videos released by them are
potential cyber terrors. They are using Cyber space for their propaganda and for
influencing vulnerable people to join ISIS. It is threat to the world and the way they are
growing needs global cooperation to check them before they create havoc.

Why we need to regulate Cyberspace

There has been a rapid increase in the use of the online environment where millions of
users have access to internet resources and are providing contents on a daily basis.(For
example INSIGHTS )

The use of internet particularly for the distribution of obscene, indecent and
pornographic content. The use of internet for child pornography and child sexual
abuse and the relative ease with which the same may be accessed calls for strict
regulation.

The increasing business transaction from tangible assets to intangible assets like
Intellectual Property has converted Cyberspace from being a mere info space into
important commercial space. The attempt to extend and then protect intellectual
property rights online will drive much of the regulatory agenda and produce many
technical methods of enforcement.

The major area of concern where some sort of regulation is desirable is data protection
and data privacy so that industry, public administrators, netizens, and academics can
have confidence as on-line user.

Internet has emerged as the ‘media of the people’ as the internet spreads fast there
were changes in the press environment that was centered on mass media. Unlike as in
the established press, there is no editor in the Internet. People themselves produce and
circulate what they want to say and this direct way of communication on internet has
caused many social debates. Therefore the future of Cyberspace content demands the
reconciliation of the two views of freedom of expression and concern for community
standards.

11/21
Another concern is that, money laundering, be ‘serious crime’ becomes much simpler
through the use of net. The person may use a name and an electronic address, but there
are no mechanisms to prove the association of a person with an identity so that a person
can be restricted to a single identity or identity can be restricted to a single person.
Therefore Cyberspace needs to be regulated to curb this phenomenon.

Tools to protect against cyber threats

Other than the general use of antivirus, firewalls & gateways, strong passwords, secure
wi-fi connection, training to netizen, etc. there are few other practise which keeps our
data and network safe from cyber threats. Some of them are mentioned below:

Digital Signatures

A Digital Signature is a technique by which it is possible to secure electronic information

in such a way that the originator of the information, as well as the integrity of the
information, can be verified. This procedure of guaranteeing the origin and the integrity
of the information is also called Authentication.

The authenticity of many legal, financial, and other documents is determined by the
presence or absence of an authorized handwritten signature. For a computerised
message system to replace the physical transport of paper and ink documents
handwritten signatures have to be replaced by Digital Signatures.

12/21
A digital signature is only a technique that can be used for different authentication
purposes. For an E-record, it comes functionally very close to the traditional handwritten
signatures. The user himself/ herself can generate key pair by using specific crypto
software. Now Microsoft IE and Netscape, allow the user to create his/ her own key pair.
Any person may make an application to the Certifying Authority for issue of Digital
Signature Certificate.

Encryption

One of the most powerful and important methods for security in computer systems is to
encrypt sensitive records and messages in transit and in storage. Cryptography has a
long and colourful history. Historically, four groups of people have used and contributed
to the art of Cryptography, the military, the diplomatic corps, diarists, and lovers. The
military has had the most sensitive role and has shaped the field.

At present, information and data security plays a vital role in the security of the country,
the security of the corporate sector and also of every individual, working for personal
benefit. The message or data to be encrypted, also known as the plaintext, is
transformed by a function that is parameterized by a KEY. The output of the encryption
process, known as the cipher text, is then transmitted through the insecure
communication channel. The art of breaking ciphers is called cryptanalysis. The art of
devising ciphers (cryptography) and breaking them (cryptanalysis) is collectively known
as cryptology. It is done with the help of algorithms, few of them are- The Secret-Key
Algorithm, Data Encryption Standard (DES, Public Key Algorithms, RSA Algorithm, etc.

Security Audit

A security audit is a systematic evaluation of the security of a company’s information

system by measuring how well it conforms to a set of established criteria. It is to find out
the vulnerabilities that an organization is facing with its IT infrastructure. A thorough
audit typically assesses the security of the system’s physical configuration and
environment, software, information handling processes, and user practices.

Cyber Forensics

Cyber Forensics is a very important

ingredient in the investigation of cyber
crimes. Cyber forensics is the discovery,
analysis, and reconstruction of evidence
extracted from any element of
computer systems, computer networks,
computer media, and computer
peripherals that allow investigators to
solve a crime.
13/21
Principal concerns with computer forensics
involve imaging storage media, recovering
deleted files, searching slack and free
space, and preserving the collected
information for litigation purposes.

The other concern is network forensics, is a

more technically challenging aspect of
cyber forensics. It gathers digital evidence
that is distributed across large-scale,
complex networks.

E-discovery investigation includes areas like money laundering, corruption, financial

frauds, cyber crimes, serious frauds and white collar crimes investigation, etc.
Presently e-discovery services in India are in infancy stage and this is the reason why
many cases of corporate frauds and cyber crimes remain unreported.

Cyber Laws in India

The first technology based law in India was the Indian Telegraph Act of 1885. This law
was framed with the advent of the telegraph and later covered yet another advance in
technology, the telephone.

In the domain of technology driven law falls the Information Technology Act, 2000.While
the Information Technology Act is the most significant Act addressing conduct in
cyberspace in India, there are a whole lot of other Acts that would apply to govern and
regulate conduct and transactions in cyberspace.

Take for instance online contracts. Apart from the relevant provisions of the IT Act, the
Indian Contract Act, the Sale of Goods Act, 1930 etc. would be relevant to determine the
legality of such contracts.

Further the provisions of the Competition Act, 2002 or in case of unfair trade practices,
the Consumer Protection Act 1986, would also be relevant.

Protection of intellectual property available on the Internet is one of the greatest

challenges of the day. Be it books, films, music, computer software, inventions, formulas,
recipes, everything is available on the net. Protection of copyrights trademarks online
would entail the invocation of the Indian Copyright Act and, the Trade Marks Act.

As far as illegal activities on the net are concerned, apart from specific provisions in the
IT Act that penalizes them, a whole gamut of other Acts would govern them. For instance
in case of an Internet fraud, based on the nature of the fraud perpetrated, Acts such as
the Companies Act, 1956, the

14/21
Thus it can be inferred that while the IT Act is the quintessential Act regulating conduct
on the Internet based on the facts of a case or the nature of a transaction, several other
Acts may be applicable. Therefore, cyber laws includes the whole set of legislation that
can be applied to determine conduct on the Internet.

Information Technology Act, 2000

The Information Technology Act, 2000 intends to give legal recognition to e-commerce
and e-governance and facilitate its development as an alternate to paper based
traditional methods. The Act has adopted a functional equivalents approach in which
paper based requirements such as documents, records and signatures are replaced with
their electronic counterparts.

The Act seeks to protect this advancement in technology by defining crimes, prescribing
punishments, laying down procedures for investigation and forming regulatory
authorities. Many electronic crimes have been bought within the definition of traditional
crimes too by means of amendment to the Indian Penal Code, 1860. The Evidence Act,
1872 and the Banker’s Book Evidence Act, 1891 too have been suitably amended in order
to facilitate collection of evidence in fighting electronic crimes.

The IT act has been amended in 2008 and its important provisions can be read here-
http://cis-india.org/internet-governance/publications/it-act/short-note-on-amendment-
act-2008

National Cyber security Policy, 2013

In light of the growth of IT sector in the country, the National Cyber Security Policy of
India 2013 was announced by Indian Government in 2013 yet its actual
implementation is still missing. As a result fields like e-governance and e-commerce are
still risky and may require cyber insurance in the near future. Its important features
include:

To build secure and resilient cyber space.

Creating a secure cyber ecosystem, generate trust in IT transactions.
24 x 7 NATIONAL CRITICAL INFORMATION INFRASCTRUCTURE PROTECTION
CENTER (NCIIPC)
Indigenous technological solutions (Chinese products and reliance on foreign
software)
Testing of ICT products and certifying them. Validated products
Creating workforce of 500,000 professionals in the field
Fiscal Benefits for businessman who accepts standard IT practices, etc.

For
more-http://deity.gov.in/sites/upload_files/dit/files/National%20Cyber%20Security%20Pol
icy%20(1).pdf

Ongoing efforts in India

15/21
The government has conducted several awareness and training programmes on cyber
crimes for law enforcement agencies including those on the use of cyber Forensics
Software packages and the associated procedures with it to collect digital evidence from
the scene of crime.

Special training programmes have also been conducted for the judiciary to train them on
the techno-legal aspects of cyber crimes and on the analysis of digital evidence
presented before them. Both the CBI and many state police organizations are today
geared to tackle cybercrime through specialised cyber crime cells that they have set up.

Cyber security initiatives and projects in India are very less in numbers. Even if some
projects have been proposed, they have remained on papers only.

The list is long but sufficient is to talk about the projects like National Critical Information
Infrastructure Protection Centre (NCIPC) of India, National Cyber Coordination Centre
(NCCC) of India, Tri Service Cyber Command for Armed Forces of India , Cyber Attacks
Crisis Management Plan Of India, etc. None of them are “Coordinating” with each other
and all of them are operating in different and distinct spheres. Recently, the National
Technical Research Organization (NTRO) was entrusted with the responsibility to protect
the critical ICT infrastructures of India.

India has already launched e-surveillance projects like National Intelligence Grid
(NATGRID), Central Monitoring System (CMS), Internet Spy System Network and Traffic
Analysis System (NETRA) of India, etc. None of them are governed by any Legal
Framework and none of them are under Parliamentary Scrutiny. Thus, these projects are
violate of Civil Liberties Protection in Cyberspace and provisions of

National Informatics Centre (NIC) has been formed which provides network backbone
Manages IT services, E -GOV initiatives to central and state governments.

Stakeholder agencies in India

Countering cyber crimes is a coordinated effort on the part of several agencies in the
Ministry of Home Affairs and in the Ministry of Communications and Information
Technology. The law enforcement agencies such as the Central Bureau of Investigation,
The Intelligence Bureau, state police organizations and other specialised organizations
such as the National Police Academy and the Indian Computer Emergency Response
Team (CERT-In) are the prominent ones who tackle cyber crimes. We will see about of
few of them:

1. National Information Board (NIB)

National Information Board is an apex agency with representatives from relevant

Departments and agencies that form part of the critical minimum information
infrastructure in the country.

2. National Crisis Management Committee (NCMC)

16/21
The National Crisis Management Committee (NCMC) is an apex body of Government of
India for dealing with major crisis incidents that have serious or national ramifications. It
will also deal with national crisis arising out of focused cyber-attacks.

3. National Security Council Secretariat (NSCS)

National Security Council Secretariat (NSCS) is the apex agency looking into the political,
economic, energy and strategic security concerns of India and acts as the secretariat to
the NIB.

4. Department of Information Technology (DIT)

Department of Information Technology (DIT) is under the Ministry of Communications

and Information Technology, Government of India. DIT strives to make India a global
leading player in Information Technology and at the same time take the benefits of
Information Technology to every walk of life for developing an empowered and inclusive
society. It is mandated with the task of dealing with all issues related to promotion &
policies in electronics & IT.

5. Department of Telecommunications (DoT)

Department of Telecommunications (DoT) under the Ministry of Communications and

Information Technology, Government of India, is responsible to coordinate with all ISPs
and service providers with respect to cyber security incidents and response actions as
deemed necessary by CERT-In and other government agencies. DoT will provide
guidelines regarding roles and responsibilities of Private Service Providers and ensure
that these Service Providers are able to track the critical optical fiber networks for
uninterrupted availability and have arrangements of alternate routing in case of physical
attacks on these networks.

6. National Cyber Response Centre – Indian Computer Emergency Response Team

(CERTIn)

CERT-In monitors Indian

cyberspace and coordinates
alerts and warning of imminent
attacks and detection of
malicious attacks among public
and private cyber users and
organizations in the country. It
maintains 24×7 operations centre
and has working
relations/collaborations and
contacts with CERTs, all over the world; and Sectoral CERTs, public, private, academia,
Internet Service Providers and vendors of Information Technology products in the
country.

17/21
6. National Information Infrastructure Protection Centre (NIIPC)

NIIPC is a designated agency to protect the critical information infrastructure in the

country. It gathers intelligence and keeps a watch on emerging and imminent cyber
threats in strategic sectors including National Defence. They would prepare threat
assessment reports and facilitate sharing of such information and analysis among
members of the Intelligence, Defence and Law enforcement agencies with a view to
protecting these agencies’ ability to collect, analyze and disseminate intelligence.

7. National Disaster Management of Authority (NDMA)

The National Disaster Management Authority (NDMA) is the Apex Body for Disaster
Management in India and is responsible for creation of an enabling environment for
institutional mechanisms at the State and District levels.

8. Standardization, Testing and Quality Certification (STQC) Directorate

STQC is a part of Department of Information Technology and is an internationally

recognized Assurance Service providing organization. It has also established a
test/evaluation facility for comprehensive testing of IT security products as per ISO 15408
common criteria security testing standards.

9. The Cyber Regulations Appellate Tribunal

The Cyber Regulations Appellate Tribunal has power

to entertain the cases of any person aggrieved by the
Order made by the Controller of Certifying Authority
or the Adjudicating Officer. It has been established
by the Central Government in accordance with the
provisions contained under Section 48(1) of the
Information Technology Act, 2000.The body is quasi-
judicial in nature

Intergovernmental organisations and initiatives

Intergovernmental organisations and initiatives. Here we will see in brief, an overview of

intergovernmental bodies and initiatives currently addressing cyber security at the policy
level.

Council of Europe

The Council of Europe helps protect societies worldwide from the threat of cybercrime
through the Budapest Convention on Cybercrime, the Cybercrime Convention
Committee (T-CY) and the technical co-operation Programme on Cybercrime. The

18/21
Budapest Convention on Cybercrime was adopted on 8 November 2001 as the first
international treaty addressing crimes committed using or against network and
information systems (computers). It entered into force on 1 July 2004.

Internet Governance Forum (IGF)

The IGF was established by the World Summit on the Information Society in 2006 to
bring people together from various stakeholder groups in discussions on public policy
issues relating to the Internet. While there is no negotiated outcome, the IGF informs
and inspires those with policy making power in both the public and private sectors.

The IGF facilitates a common understanding of how to maximise Internet opportunities

and address risks and challenges. It is convened under the auspices of the Secretary-
General of the United Nations.

Its mandate includes the discussion of public policy issues related to key elements of
Internet governance in order to foster the sustainability, robustness, security, stability
and development of the Internet.

United Nations (UN)

The International Telecommunication Union (ITU) is the specialized agency of the United
Nations which is responsible for Information and Communication Technologies.

ITU deals also with adopting international standards to ensure seamless global
communications and interoperability for next generation networks; building confidence
and security in the use of ICTs; emergency communications to develop early warning
systems and to provide access to communications during and after disasters, etc.

Conferences on Cyberspace

The London Conference on Cyberspace51 (1-2 November 2011) was meant to build on
the debate on developing norms of behavior in cyberspace, as a follow-up to the speech
given by UK Foreign Minister Hague at the Munich Security Conference in February 2011
which set out a number of “principles” that should underpin acceptable behavior on
cyberspace.

Meridian Process

The Meridian process aims to provide Governments worldwide with a means by which
they can discuss how to work together at the policy level on Critical Information
Infrastructure Protection (CIIP). Participation is open to all countries and targets senior
level policymakers. An annual conference and interim activities are held each year to
help build trust and establish international relations within the membership to facilitate
sharing of

NETmundial Confrence

19/21
In reaction to spying and surveillance activity by National security agency of USA through
PRISM, NETmundial – Global Multistakeholder Meeting on the Future of Internet
Governance(23 April 2014 – 24 April 2014) was organized in a partnership between the
Brazilian Internet Steering Committee and /1Net, a forum that gathers international
entities of the various stakeholders involved with Internet governance. This meeting
focused on the elaboration of principles of Internet governance and the proposal for a
roadmap for future development of this ecosystem.

Conclusion

Community in cyberspace is based on the interaction between people. Cyberspace has

an important social aspect to it that must not be overlooked. Cyberspace can be treated
as a channel touching portion of real space at key points. Ideas are passed through the
channel, and business is transacted through this channel. The cyberspace communities
are members of the global community interacting on a different plane than in real space.

With the huge growth in the number of Internet users all over the world, the security of
data and its proper management plays a vital role for future prosperity and potentiality.
It is concerned with people trying to access remote service is that they are not authorized
to use.

Rules for compulsory wearing of helmet for bikers by government authorities, has no
benefit for them, it is for our own safety and life. Same we should understand our
responsibilities for our own cyber space and should at least take care of safety for our

20/21
personal devices. These steps include installation of antivirus software and keeping it
updated, installing personal firewalls and keeping rules updated. We should monitor and
archive all security logs.

We should have backup of important data. Our devices should be protected by

passwords and there should be restricted access to sensitive data on our devices. And
above all, we should aspire for more computer literacy to understand the safety issues
related to our cyber space. At the same time we need to utilise the specialisation of
private sector in the field of cyber security and government should promote more PPP
projects for the national cyber space

21/21