The term “Cyber security” relates to use and protection of information or data stored in computers or networks or other electronic devices connected to the various networks and avoid their unauthorised usage and exploitation from cyber thefts.
As it is rightly said by Stephane Nappo, “It takes 20 years to build a reputation and few minutes of cyber-incident to ruin it.”
With the fourfold increase in digitalisation, social networking, e-commerce and technological advancement and masses becoming more reliant on use of internet for all day to day needs and especially due to the onset of Pandemic where the trend has changed from work from office to work from home and even the mode of learning has gone from physical to virtual, the use of internet has increased and so thus the rate of cybercrime has also increased. There have been growing instances of hacking, cyber-attacks, data theft, online frauds, pornography, child abuse, piracy, cyber terrorism and other illegal cyber activities.
As per NCRB report, India recorded 50,035 cases of cyber crime in 2020, with a 11.8% surge in such offences over the previous year, as 578 incidents of "fake news on social media" were also reported till 15th September 2020.
The main reason for such an increase in cyber crimes is that the criminals find it easy to commit online crimes mainly because of the advantage that they remain unidentified.
Legal Regime
In order to provide legal recognition to information technology and electronic commerce and to regulate all cyber related issues, the Information Technology Act, 2000 (“IT Act”) was passed by the Parliament. The IT Act deals with all issues of hacking and IT Laws and the punishment for the criminals. IT Act was passed along with the rules made thereunder. Few major rules are – i) Information Technology (The Indian Computer Emergency Response Team and Manner of Performing Functions and Duties) Rules, 2013 (“CERT Rules”). CERT is responsible at national and Government level for coordinating and supporting the response to computer security events or incidents.
ii) Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 (“SPDI Rules”). It establishes the mechanism for the corporates in order to help them protect their data.
In addition to the IT Act, there are other statues also that go along with the IT Act. There are some offences which are covered in Indian penal Code, 1860 (“IPC”). Relevant provisions of IPC prescribe punishments for cyber offences such as theft, fraud, sending threatening messages by email, cyber defamation, forgery, Email Spoofing, Web Jacking, Email Abuse.
As with the continuous growth of e-commerce and almost every business is going digital and all transactions related to the businesses or otherwise are done online including fund transfers through various payment methods, so accordingly various amendments were made to the existing Acts and Rules thereunder like, sector-specific regulations are issued by regulators such as the RBI, the IRDA Act 1999, the DOT and the SEBI that call for cybersecurity standards to be maintained by their regulated entities – banks, insurance companies, telecom service providers and listed entities. More specifically, online sale of Arms is regulated through Arms Act, 1959 and online sale of drugs is regulated through Narcotic Drugs and Psychotropic Substances (“NDPS”) Act, 1985.
Not limiting to this, company formations and all filings under the Companies Act, 2013 are done online through Ministry of Corporate Affairs and the document or relevant form filed is signed digitally to authenticate the document.
Along with these amendments have been made in the Indian Evidence Act, 1872. Earlier evidences in physical form only were recognised by the Courts in India but now electronic evidences are also made admissible.
Even under Intellectual property rights (“IPR”), infringements of certain rights are regarded as cyber crimes such as software piracy, infringement of copyright, trademark violations. Infringement of Copyrights on development of software or computer programme is a matter of grave concern and is a punishable offence. Infringement of any IPR that relates to software or computer programming is a punishable offence.
In every state, Cyber cells are established to help citizens and organisations to reach them with their complaint and grievance whenever there is any kind of cyber security breach.
Despite of having a legislature to combat cyber-crimes, we still do not have an effective mechanism to tackle them.
As per the National Cyber Security Policy (“NCSP”), in 2013 the Government of India has tried to lay down certain strategies on how to tackle cyber crimes but still there is no effective implementation. The Personal Data Protection Bill, 2019 which was introduced in Lok Sabha by the Minister of Electronics and Information Technology is still pending.
The recent example of cyber security breach is the Pegasus Spyware case. Pegasus spyware, which is developed by an Israeli cybersecurity was sold only to subscribed governments across the world. This spyware basically helps spies hack into phones of their targets. As per reports, this spyware has hacked hundreds of phones in India. These included many journalists, political leaders, activists, lawyers, academics, bureaucrats and even Supreme Court officials, amongst many others. Amnesty International forensically examined 10 phones from India, “all of which showed signs of either an attempted hack or a successful compromise”.
Once a phone is infected with this spyware then a hacker has got full control over the phone. This clearly shows the lack of cyber security and a direct theft into data of an individual as well as of the government simultaneously. Apart from this, there have been number of cases of cyber security breach. This clearly shows that no antivirus or firewall is strong enough to protect a mobile phone or computer or any other electronic device where data is stored from cyber attack.
Conclusion:
Though, there are number of legislations for punishing the wrong doer but we still do not have a dedicated cyber security law which can deal in every aspect of cyber-crime. Almost on daily basis there is breach of cyber security which not only affects the rights of individuals but also is a great threat to national sovereignty. India needs tougher laws in order to protect the breach itself at the first stance. Along with the laws, we all should remain vigilant with what we download and where we share our data. Moreover, companies can create their own guidelines and practice directions in order to protect their data. Though India has been ranked at 10th position globally as per United Nation’s commitment to Cyber Security but still government should work more towards making appropriate changes and amendments in prevailing laws vis a vis bring in new policies to protect the nation and citizens from Cyber crime.