TMCnet News
Unified approach key to National Cyber securityBangalore, Nov 06, 2008 (Asia Pulse Data Source via COMTEX) -- India needs to relook at its cyber security infrastructure, ensure synergy between drawing effective laws and implementation of laws and explore possibility of setting up a national cyber security advisory board to ensure a unified approach to national cyber security. Speaking at the Bangalore IT Biz here today, Naavi Vijayashankar, Director of Cyber Law College, said setting up a national cyber security advisory board would help act as a central agency for championing a unified approach to the issue. He said though many debated that laws need to be stricter to ensure cyber security, the solution does not lie in drawing a stricter law but to ensure that the existing one was appropriately used. The ITA 2000, he said, was a reasonably strict law and section 66 and section 43 were wide enough to provide reasonable deterrence and remedies. The system of adjudication also provided reasonable grievance redressal mechanism. Section 85 and 79 extend vicarious liabilities to corporate and intermediaries to ensure due diligence. "What we lack is not laws but effective implementation mechanism for investigation and prosecution. We need to build a legal compliance into the law that can create penalty for non compliance and incentive for compliance," he said while suggesting introducing a cyber crime insurance system. He said the police could not be left alone with the responsibility of cybercrime and it needs other supportive practices. Police personnel need to be trained and provided with hi-tech security tools for investigation. He said cybercrime, owing to its multi-jurisdiction, poses legal hassles in tracing the crime for the police. Police in one state cannot even resolve the IP address if the ISP involved is a foreign ISP, he said. Vijayashankar said a leading Indian IT company was accused of letting Chinese hackers into the system which could have compromised on World Bank Data while in another case more than 80 Indian banks were reported to be hacked by Chinese intruders. Some of the leading social networking sites have been used by terrorists for propaganda activities. Speaking on the issue, Dr Gulshan Rai, Director Indian Computer Emergency Response Team (CERT-in) said cyber crimes that were observed were web defacement, proxy scan, denial of service, malicious cods, theft and data manipulation, identity threats, financial frauds and social engineering scams. Out of the security crimes listed in 2007, 32 per cent were phishing, 29 per cent malicious codes while spam accounted for three percent and denial of service four per cent. US and China topped in origination of malicious codes. In 2007, one third of security breaches occurred in corporates and non profit agencies, 27 per cent in educational establishments, 27 per cent in government agencies and 13 per cent in medical establishments, said Dr Kamlesh Bajaj, CEO, Data Security Council of India. Electronic hacking led to 10 million records being exposed while lost, stolen and missing equipment and documents were source of 127 incidents affecting 38 million personal records. Inadvertent or intentional publishing of personal information on website accounted fo 2.8 million records. Giving a perspective of threat, he said one in 50 files contain critical information and one 400 emails contain confidential information. The five emerging threats in 2009 were malaware, botnets, cyber wafare, threats to VoIP and mobile devices and evolving of cyber crime. Financial motivation will increase attacks to smart phones in years to come, Anant R Koppar, Chairman and CEO KTwo Technology Solution said. |