By Arushi Sharma
The Chief Justice of India—Dipak Misra—emphasised the need for having stronger cyber laws in the country while inaugurating the International Conference on Cyber Law, Cyber Crime and Cyber Security last week. He called on all stakeholders, including the judiciary, to be up to date with the constantly evolving cyberspace, stating that the lawmakers have to be smarter than the nuisance makers.
The argument of stepping up cybersecurity in India has been rife in the wake of the government’s demonetisation initiative and the subsequent nation-wide digitisation efforts. With India hosting the Global Conference on Cyber Space (GCCS) for the first time, the issue has garnered a renewed dialogue once again. The GCCS is scheduled to take place in New Delhi on the 23rd and 24th of November, attracting participation from over 30 countries including France, Russia, Israel and the United Kingdom. Notably, the conference will focus on cyber-diplomacy with the theme ‘Cyber4All: A Secure and Inclusive Cyberspace for Sustainable Development’, according to IT and Electronics Minister Ravi Shankar Prasad.
Cybersecurity in India
The government’s Digital India push has prompted a larger number of citizens, companies and government agencies to transact online. Consumers today leave a substantial trace of their data in the cyberspace, giving hackers and criminals a greater opportunity to create havoc. Back in July, IIT Kanpur submitted a report to the Parliament that highlighted the need for cybersecurity in India by stating, “The danger of cybercrime is looming large on the defence, education and telecom sectors. Around 164 government websites were hacked in 2015.â€
The estimated cost of cyber attacks in India stands at four billion dollars. As Indian companies become more networked, the cost is expected to reach $20 billion in the next 10 years. India Inc. must realise that in order to truly harness the fruits of a digital economy, the frequent malware attacks and data breaches should be cleaned off the cyberspace. Â
The glaring inattention
Indian boardrooms are inadequately equipped to handle the quantum of cyber threats facing them. The findings of a recent EY survey titled “The Global Information Security Survey 2016-17†has revealed that 38 percent of respondents (government entities, IT executives, and managers of globally recognised firms) are not even fully aware of the cyber risks.
As far as the government is concerned, there have been a few welcome steps towards strengthening the security of critical information. One of them is the formation of the National Critical Information Infrastructure Protection Centre (NCIIPC) in 2014. However, informing employees and officials of standard security procedures still needs adequate attention. Unaware personnel may release malware into the servers by clicking on a phishing e-mail. They may also end up compromising data security by using personal email IDs and external portable devices such as USBs.
The tale of untrained personnel
It was in 2013 that India announced its first-ever National Cyber Security Policy. The policy envisioned to “create a workforce of 5,00,000 professionals skilled in cybersecurity in the next five years through capacity building, skill development and training.” According to an India Today report, the number of such skilled personnel has reached only 10 percent of the target in four years. Moreover, the existing policy is more of a broad statement of principles than a comprehensive framework required to handle the looming challenge. The stark shortage of cyber experts indicates a need for rebooting the policy.
The road to cyber fortification
For a nation that is on the cusp of a digital revolution, it is imperative to plug the gaps in the industry-specific cybersecurity knowledge and skills. Companies can also run regular tests to ensure that the IT staff is adept at identifying potential attack scenarios and implementing appropriate measures. An updated cybersecurity policy should provide a specific course of action and timeline for training the cyber specialists. In addition, regulators should ensure that they cover all aspects of cybersecurity and prescribe minimum standards for companies. Tougher laws and better cyber-legal frameworks will deter cyber criminals and perpetrators who corrode social and constitutional values.
Echoing what the CJI said last week, the barrier-free cyberspace can also benefit from greater global cooperation on issues of cybercrime and individual privacy. “As there are no barriers, there has to be something else which has to be thought of and in that area, I have no objection in saying there has to be an international committee,†he had said. It is important that the international discourse at the GCCS on tackling the ever-growing cyber threats is not limited to mere rhetoric, but also delivers actionable insights which could be implemented to make India more cyber-secure.
Featured Image Source:Â Richard G.
Stay updated with all the insights.
Navigate news, 1 email day.
Subscribe to Qrius