Cer ecurit and Related Iue: Comprehenive
Coverage
Inight, inightonindia.com
(http://getpocket.com/redirect?
url=http%3A%2F%2Fwww.inightonindia.com%2F2014%2F11%2F25%2Fcerecurit-related-iue-comprehenivecoverage%2F)
Novemer 25th, 2014
View Original
tructure
Introduction
Tpe of ecurit Threat
Conventional cer crime
Cer warfare and it example
Cer terrorim
Cer terror: ome xample
Wh we need to regulate Cer pace
Tool to protect againt Cer Threat
Cer Law in India
Ongoing effort in India
takeholder Agencie in India
Intergovernmental organization and Initiative
Concluion
Introduction
Cerpace i uch a term, which i not et completel de͍ned and alo ha no geographical
limitation. It i a term aociated with application of the Internet worldwide. It i alo called a
a virtual pace a phical exitence of cerpace i not detectale at all. Cerpace i “the
total interconnectedne of human eing through computer and telecommunication
without regard to phical geograph.”
Information through computer i tranferred in the form of One (1) and Zero (0), which do
not inherentl carr an eparate information along with them for authentication. For
authentication purpoe, additional information need to e carried with cerpace
tranaction for identit purpoe.
Providing extra information in digital communication introduce the poiilit for identit
theft. ecaue nothing prevent the tranmiion of fale identit information, or the
1
Item added
duplication of another’ identit information.
The erioune of thi prolem i highlighted when ou conider that future technologie
will allow extremel important identi͍er, uch a a retinal can or a ͍ngerprint, to e
repreented digitall. Thee iometric characteritic are protected in real pace ecaue the
are emedded in the phical od of the peron. Thi i lot in cerpace. Thu, cerpace
need a tem that allow individual to verif their identitie to other without revealing to
them the digital repreentation of their identitie.
Tpe of ecurit threat
Cercrime conit of peci͍c crime dealing with computer and network, uch a
hacking, phihing and the facilitation of traditional crime through the ue of computer (child
pornograph, hate crime, telemarketing/internet fraud). A rief introduction to ome
common cer related violation, or cercrime a the are more commonl referred to are
dicued elow:
Hacking
Hacking in imple term mean an illegal intruion into a computer tem and/or
network. There i an equivalent term to hacking i.e. cracking, ut from Indian legal
perpective there i no di㼂erence etween the term hacking and cracking. ver act
committed toward reaking into a computer and/or network i hacking. Hacker write
or ue read-made computer program to attack the target computer.
Child Pornograph
The Internet i extenivel ued for exual aue of children. A more home have acce to
internet, more children are acceing it and thi enhance their vulnerailit of falling victim
to the aggreion of paedophile. Paedophile (a peron who i exuall attracted to children)
lure the children ditriuting pornographic material and then purue them for exual
exploitation. ometime paedophile contact children in chat room poing a teenager or a
children of imilar age, the win the con͍dence of thee children, then induce them into
exuall provocative dicuion. Then egin the actual exploitation of children.
Cer talking
Thi term i ued to refer to the ue of the internet, e-mail, or other electronic
communication device to talk another peron. Cer talking can e de͍ned a the
repeated act of harament or threatening ehaviour of the cer-criminal toward the victim
uing internet ervice.
Denial of ervice
Thi i a technolog driven cer intruion, where the inɕuencer ɕood the andwidth or
lock the uer’ mail with pam mail depriving the uer, acce to the Internet and the
ervice provided therefrom. A Do Attack (a it i commonl known) can e perpetrated in a
numer of wa.
Diemination of Maliciou oftware (Malware)
Malware i de͍ned a a oftware deigned to perform an unwanted illegal act via the computer
network. It could e alo de͍ned a oftware with maliciou intent. Malware can e clai͍ed
aed on how the get executed, how the pread, and/or what the do. ome of them are
dicued elow.
a) Viru
A viru i a program that can infect other program modifing them to include a poile
evolved cop of itelf. A viru can pread throughout a computer or network uing the
authorization of ever uer uing it to infect their program. ver program o infected ma
alo act a a viru and thu the infection grow. Virue normall a㼂ect program ͍le, ut in
ome cae the alo a㼂ect data ͍le dirupting the ue of data and detroing them
completel.
) Worm
Worm are alo dieminated through computer network, unlike virue, computer worm
are maliciou program that cop themelve from tem to tem, rather than in͍ltrating
legitimate ͍le. For example, a ma mailing e-mail worm i a worm that end copie of itelf
via e-mail. A network worm, on the other hand make copie of itelf throughout a network,
thu dirupting an entire network.
c) Trojan
Trojan i another form of Malware, trojan do thing other than what i expected the uer.
Trojan or trojan hore i a program that generall impair the ecurit of a tem. Trojan are
ued to create ack-door (a program that allow outide acce into a ecure network) on
computer elonging to a ecure network o that a hacker can have acce to the ecure
network.
Unlike virue (http://www.weopedia.com/TRM/V/viru.htm), Trojan hore do not
replicate themelve ut the can e jut a detructive. One of the mot inidiou tpe of
Trojan hore i a program that claim to rid our computer of virue ut intead introduce
virue onto our computer.
d) Hoax
Hoax i an e-mail that warn the uer of a certain tem that i harming the computer. The
meage thereafter intruct the uer to run a procedure (mot often in the form of a
download) to correct the harming tem. When thi program i run, it invade the tem
and delete an important ͍le.
e) pware
pware invade a computer and, a it name implie, monitor a uer’ activitie without
conent. pware are uuall forwarded through unupecting e-mail with ona͍de e-mail
i.d. pware continue to infect million of computer gloall.
Phihing
Phiher lure uer to a phon we ite, uuall ending them an authentic appearing email. Once at the fake ite, uer are tricked into divulging a variet of private information,
uch a paword and account numer
Data Related
Data interception –Hijacking e-mail, interference of an intermediar in the network, ma e
a prelude to another tpe of computer crime, tpicall data modi͍cation.
Data diddling: –Uuall done in conjunction with data interception, valid data intended for a
recipient i hijacked or intercepted and then i replaced with an erroneou one. Thi could
alo appl to illegal tapping into dataae and altering it content. aicall, an form of
alteration without appropriate authorization fall under thi categor.
Data theft -outright tealing of mot commonl clai͍ed or proprietar information without
authorization. Thi could e the reult of data interception. It might alo e the unlawful ue
or poeion of coprighted work uch a ong, picture, movie or other work of art.
Network Related
Network interference -an activit that caue the operation of a computer network to e
temporaril dirupted. Interference implie omething momentaril uch a Denial of ervice
Attack that caue dela in data tranmiion uing up all availale andwidth.
Ditriuted denial of ervice, ping of death and murf attack alo fall under thi categor.
Data ecurit Network aotage – cauing permanent damage to a computer network uch a
deleting ͍le or record from torage.
Conventional cer crime
Cer Defamation
Defamation comprie of oth liel (defamation mean of writing) and lander (defamation
peaking). After the popularit of the printing pre, one witneed the increae in liel.
With the advent of information technolog and the Internet, liel ha ecome much more
common and of coure, eaier.
In imple word, it implie defamation anthing which can e read, een or heard with the
help of computer/technolog. ince the Internet ha een decried a having ome or all of
the characteritic of a newpaper, a televiion tation, a magazine, a telephone tem, an
electronic lirar and a pulihing houe, there are certain noticeale di㼂erence etween
online and o ine attempt of defamation which make the online defamation more vigorou
and e㼂ective.
Corporate Cer mear
Harmful and defamator online meage ha een termed a corporate cer mear. It i a
fale and diparaging rumour aout a compan, it management or it tock that i poted on
the Internet. Thi kind of criminal activit ha een a concern epeciall in tock market and
͍nancial ector where knowledge and information are the ke factor for uinemen.
Digital Forger
Forger i creation of a document which one know i not genuine and et project the ame
a if it i genuine. Digital forger implie making ue of digital technolog to forge a
document. Dektop pulihing tem, colour laer and ink-jet printer, colour copier, and
image canner enale crook to make fake, with relative eae, of cheque, currenc,
paport, via, irth certi͍cate, ID card, etc.
Online Gamling
Gamling i in man countrie illegal. Computer i a medium for the purpoe of online
gamling. The act of gamling i categoried a an o㼂ence in ome countrie and ha a legal
anctit in other. The main concern with online gamling i that mot virtual caino are
aed o㼂hore making them di㼂cult to regulate.
It i in thi ituation that the Internet help the gamler to evade the law. Anone with acce
to a peronal computer and an Internet connection can purchae lotter ticket or viit
gamling ite anwhere in the world. The world of online gamling, due to it anonmit,
unfortunatel ha man other hazard like danger of illegal ue of credit card or illegal acce
to ank account.
Online ale of illegal article
There are certain article like drug, gun, pirated oftware or muic that might not e
permitted to e old under the law of a particular countr. However, thoe who would want
to ell uch article ͍nd Internet a afe zone to open up online hop. There are peci͍c
concern with regard to increae in online ale of drug.
The ale of illegal article on the Internet i alo one of thoe computer crime where the
computer i merel a tool to commit the crime
-mail pamming/ e-mail oming
pam refer to ending of unolicited meage in ulk. Technicall, it overɕow the limitedized memor exceivel large input data. In relation to e-mail account, it mean
oming an e-mail account with a large numer of meage mae the ame or di㼂erent
meage
pam i an unolicited meage requiring one’ time and e㼂ort to get rid o㼂. A regular uppl
of uch pam meage would naturall reult in coniderale annoance. It would alo
directl hamper the interet of the uer in hi electronic mailox where he doe not expect
an interference and encroachment. The reult, apart from lo of Internet working hour and
thwarting one’ regular e-mail tream, could e one of mental agon and ditre.
Cer Warfare and it example
Cer warfare i Internet-aed conɕict involving politicall motivated attack on
information and information tem. Cer warfare attack can diale o㼂cial weite and
network, dirupt or diale eential ervice, teal or alter clai͍ed data, and cripple
͍nancial tem.
In 2010, tuxnet, which wa deigned to attack indutrial programmale logic controller
(http://en.wikipedia.org/wiki/Programmale_logic_controller) wa directed againt the
Iranian nuclear programme. ince the dicover of the tuxnet malware, other “cer
weapon” have made their appearance.
The Duqu worm wa dicovered in eptemer 2011, followed in quick ucceion the
Mahdi, Gau and Flame malware. Flame, Duqu and Gau hared imilar digital DNA with
tuxnet with primar purpoe eemed to e epionage (ping), with their target ranging
from anking to governmental to energ network.
Flame’ capailitie ranged from recording kpe converation and downloading
information from mart phone to more mundane activitie uch a recording audio,
creenhot, ketroke and network tra㼂c recording.
The Mahdi Trojan
eemed to have pread via phihing email even though it purpoe wa alo apparentl
epionage. Infection were reported from Iran, Irael, Afghanitan, the United Ara mirate,
audi Araia, ria, Leanon and gpt.
Wiper, a new viru
wa reported in April 2012 that wa much more maliciou, and wiped o㼂 the data on all
computer that it infected. Thi viru largel a㼂ected network in Iran.
The hamoon viru
i reported to have wiped o㼂 the data from 30,000 computer of the audi Araian tate oil
compan, Aramco, followed a week later a imilar epiode on the network of the econd
larget LNG compan in the world, Ra Ga of Qatar.
In what ha ecome the norm for uch cer-attack, depite intene invetigation antiviru companie, the origin of the malware have remained largel in the realm of peculation
and inference.
While ownerhip of the tuxnet (and inference, it couin Duqu, Flame and Gau)
malware wa claimed the Oama Adminitration for electoral purpoe, the hamoon viru
i peculated to e a revere-engineered verion of the Wipe viru unleahed hacker loal
to the Iranian regime. Tit-for-tat attack look et to ecome the norm a the countrie of the
region ecure up their cer pace.
In another incidence, it wa reported that the Chinee Intelligence Agencie ma have planted
Malware in Computer and roken into the Headquarter of 33 Corp, Indian Arm formation
looking after mot of the North-atern order with China. The Cer Intruion alo planted
a Trojan Hore to give Chinee Agencie remote acce to the computer network at the 33
Corp Headquarter in ukhna, near iliguri, Wet engal.
Cer war would not actuall e war ecaue there aren’t lo of human live, ut analzing
thee incident and the continuou dicoverie of maliciou tate-ponored malware, it i
poile to undertand the great activitie in cerpace and related unpredictale
repercuion on civil and militar infratructure.
Cer Terrorim
‘Cer terrorim i the convergence of terrorim and cer pace. It i generall undertood
to mean unlawful attack and threat of attack againt computer, network, and information
tored therein when done to intimidate or coerce a government or it people in furtherance of
political or ocial ojective.
Further, to qualif a cer terrorim, an attack hould reult in violence againt peron or
propert or at leat caue enough harm to generate fear. Attack that lead to death or odil
injur, exploion, plane crahe, water contamination or evere economic lo would e
example. eriou attack againt critical infratructure could e act of cer terrorim
depending upon their impact. Attack that dirupt noneential ervice or that are mainl a
cotl nuiance would not.
Cer-terrorim can alo e undertood a “the ue of computer network tool to hut down
critical national infratructure (uch a energ, tranportation, government operation) or to
coerce or intimidate a government or civilian population.” A hotile nation or group could
exploit thee vulnerailitie to penetrate a poorl ecured computer network and dirupt or
even hut down critical function.
Cer terror: ome example
Middle at Tenion park Cer Attack
With the Middle at Conɕict at a ver heated moment etween ordering countrie ProPaletinian and Pro-Irael Cer Group have een launching an o㼂enive againt weite
and mail ervice ued the political ector the oppoing group how upport for. The
attack had een reported the NIPC (National Infratructure Protection Center) in Octoer
of 2000 to U.. O㼂cial. The attack were a volle of email ɕood, Do attack, and ping
ɕooding of uch ite a the Irael Foreign Minitr, Iraeli Defene Force, and in revere,
ite that elonged to group uch a Hama and Hezollah.
Pakitan/India ConԎict
A tenion etween the neighoring region of India and Pakitan over Kahmir grew over
time, Pro-Pakitan cer-terrorit and recruited hacker egan to target India’ Internet
Communit. Jut prior to and after the eptemer 11 attack, it i elieved that the
mpathizer of Pakitan (which alo included memer of the Al Qaeda Organization) egan
their pread of propaganda and attack againt Indian Internet aed communitie. Group
uch a G-Force and Doctor Nuker have defaced or dirupted ervice to everal major entitie
in India uch a the Zee TV Network, The India Intitue of cience and the haha Atomic
Reearch Center which all have political tie.
Retaliation in China
In Ma 1999 the accidental oming of a Chinee ema in Yugolavia U.. omer, led
to a maive we ite defacement and e-mail omardment attack on American companie
and agencie. Pro-Chinee hacker and political group executed the attack to gain mpath
for the Chinee caue.
U Government ite uch a the U.. Department of nerg and the Interior, and the
National Park ervice were all hit and had we ite defaced along with the White Houe we
ite. The ite wa downed for three da continual e-mail oming. Although the attack
wa rather random and rief and a㼂ected a mall numer of U.. ite, the e㼂ect could have
een wore.
Tamil Tiger Attempt
In 1998, with urge of violence committed in ri Lankan over everal ear, attack in cerpace were the next area to target. The group known a the Tamil Tiger, a violent guerrilla
organization, omarded ri Lankan emaie with over 800 e-mail a da. Thi wa carried
out over a two week period. The attacked the e-mail meage conveed the meage, “We are
the Internet lack Tiger and we’re doing thi to dirupt our communication.” After the
meage created uch major diruption the local Intelligence authoritie were dipatched to
invetigate. The authoritie declared the attack a the ͍rt known attack on the ri Lankan
the terrorit on an computer tem in the nation.
II
Recent activitie of II in Middle at and erie of video releaed them are potential
cer terror. The are uing Cer pace for their propaganda and for inɕuencing vulnerale
people to join II. It i threat to the world and the wa the are growing need gloal
cooperation to check them efore the create havoc.
Wh we need to regulate Cerpace
There ha een a rapid increae in the ue of the online environment where million of uer
have acce to internet reource and are providing content on a dail ai.(For example
INIGHT )
The ue of internet particularl for the ditriution of ocene, indecent and pornographic
content. The ue of internet for child pornograph and child exual aue and the relative
eae with which the ame ma e acceed call for trict regulation.
The increaing uine tranaction from tangile aet to intangile aet like Intellectual
Propert ha converted Cerpace from eing a mere info pace into important commercial
pace. The attempt to extend and then protect intellectual propert right online will drive
much of the regulator agenda and produce man technical method of enforcement.
The major area of concern where ome ort of regulation i deirale i data protection and
data privac o that indutr, pulic adminitrator, netizen, and academic can have
con͍dence a on-line uer.
Internet ha emerged a the ‘media of the people’ a the internet pread fat there were
change in the pre environment that wa centered on ma media. Unlike a in the
etalihed pre, there i no editor in the Internet. People themelve produce and circulate
what the want to a and thi direct wa of communication on internet ha caued man
ocial deate. Therefore the future of Cerpace content demand the reconciliation of the
two view of freedom of expreion and concern for communit tandard.
Another concern i that, mone laundering, e ‘eriou crime’ ecome much impler
through the ue of net. The peron ma ue a name and an electronic addre, ut there are
no mechanim to prove the aociation of a peron with an identit o that a peron can e
retricted to a ingle identit or identit can e retricted to a ingle peron. Therefore
Cerpace need to e regulated to cur thi phenomenon.
Tool to protect againt cer threat
Other than the general ue of antiviru, ͍rewall & gatewa, trong paword, ecure wi-͍
connection, training to netizen, etc. there are few other practie which keep our data and
network afe from cer threat. ome of them are mentioned elow:
Digital ignature
A Digital ignature i a technique which it i poile to ecure electronic information in
uch a wa that the originator of the information, a well a the integrit of the information,
can e veri͍ed. Thi procedure of guaranteeing the origin and the integrit of the information
i alo called Authentication.
The authenticit of man legal, ͍nancial, and other document i determined the preence
or aence of an authorized handwritten ignature. For a computeried meage tem to
replace the phical tranport of paper and ink document handwritten ignature have to e
replaced Digital ignature.
A digital ignature i onl a technique that can e ued for di㼂erent authentication purpoe.
For an -record, it come functionall ver cloe to the traditional handwritten ignature.
The uer himelf/ herelf can generate ke pair uing peci͍c crpto oftware. Now
Microoft I and Netcape, allow the uer to create hi/ her own ke pair. An peron ma
make an application to the Certifing Authorit for iue of Digital ignature Certi͍cate.
ncrption
One of the mot powerful and important method for ecurit in computer tem i to
encrpt enitive record and meage in tranit and in torage. Crptograph ha a long and
colourful hitor. Hitoricall, four group of people have ued and contriuted to the art of
Crptograph, the militar, the diplomatic corp, diarit, and lover. The militar ha had the
mot enitive role and ha haped the ͍eld.
At preent, information and data ecurit pla a vital role in the ecurit of the countr, the
ecurit of the corporate ector and alo of ever individual, working for peronal ene͍t.
The meage or data to e encrpted, alo known a the plaintext, i tranformed a
function that i parameterized a KY. The output of the encrption proce, known a the
cipher text, i then tranmitted through the inecure communication channel. The art of
reaking cipher i called crptanali. The art of deviing cipher (crptograph) and
reaking them (crptanali) i collectivel known a crptolog. It i done with the help of
algorithm, few of them are- The ecret-Ke Algorithm, Data ncrption tandard (D,
Pulic Ke Algorithm, RA Algorithm, etc.
ecurit Audit
A ecurit audit i a tematic evaluation of the ecurit of a compan’ information tem
meauring how well it conform to a et of etalihed criteria. It i to ͍nd out the
vulnerailitie that an organization i facing with it IT infratructure. A thorough audit
tpicall aee the ecurit of the tem’ phical con͍guration and environment,
oftware, information handling procee, and uer practice.
Cer Forenic
Cer Forenic i a ver important ingredient in the invetigation of cer crime. Cer
forenic i the dicover, anali, and recontruction of evidence extracted from an
element of computer tem, computer network, computer media, and computer
peripheral that allow invetigator to olve a crime.
Principal concern with computer forenic involve imaging torage media, recovering
deleted ͍le, earching lack and free pace, and preerving the collected information for
litigation purpoe.
The other concern i network forenic, i a more technicall challenging apect of cer
forenic. It gather digital evidence that i ditriuted acro large-cale, complex network.
-dicover invetigation include area (http://ptl.in/edicover/?page_id=71) like mone
laundering, corruption, ͍nancial fraud, cer crime, eriou fraud and white collar crime
invetigation, etc. Preentl e-dicover ervice in India
(http://edicovererviceinindia.logpot.in/) are in infanc tage and thi i the reaon wh
man cae of corporate fraud and cer crime remain unreported.
Cer Law in India
The ͍rt technolog aed law in India wa the Indian Telegraph Act of 1885. Thi law wa
framed with the advent of the telegraph and later covered et another advance in technolog,
the telephone.
In the domain of technolog driven law fall the Information Technolog Act, 2000.While the
Information Technolog Act i the mot igni͍cant Act addreing conduct in cerpace in
India, there are a whole lot of other Act that would appl to govern and regulate conduct and
tranaction in cerpace.
Take for intance online contract. Apart from the relevant proviion of the IT Act, the
Indian Contract Act, the ale of Good Act, 1930 etc. would e relevant to determine the
legalit of uch contract.
Further the proviion of the Competition Act, 2002 or in cae of unfair trade practice, the
Conumer Protection Act 1986, would alo e relevant.
Protection of intellectual propert availale on the Internet i one of the greatet challenge of
the da. e it ook, ͍lm, muic, computer oftware, invention, formula, recipe,
everthing i availale on the net. Protection of copright trademark online would entail the
invocation of the Indian Copright Act and, the Trade Mark Act.
A far a illegal activitie on the net are concerned, apart from peci͍c proviion in the IT Act
that penalize them, a whole gamut of other Act would govern them. For intance in cae of
an Internet fraud, aed on the nature of the fraud perpetrated, Act uch a the Companie
Act, 1956, the
Thu it can e inferred that while the IT Act i the quinteential Act regulating conduct on
the Internet aed on the fact of a cae or the nature of a tranaction, everal other Act ma
e applicale. Therefore, cer law include the whole et of legilation that can e applied
to determine conduct on the Internet.
Information Technolog Act, 2000
The Information Technolog Act, 2000 intend to give legal recognition to e-commerce and egovernance and facilitate it development a an alternate to paper aed traditional method.
The Act ha adopted a functional equivalent approach in which paper aed requirement
uch a document, record and ignature are replaced with their electronic counterpart.
The Act eek to protect thi advancement in technolog de͍ning crime, precriing
punihment, laing down procedure for invetigation and forming regulator authoritie.
Man electronic crime have een ought within the de͍nition of traditional crime too
mean of amendment to the Indian Penal Code, 1860. The vidence Act, 1872 and the anker’
ook vidence Act, 1891 too have een uital amended in order to facilitate collection of
evidence in ͍ghting electronic crime.
The IT act ha een amended in 2008 and it important proviion can e read here- http://ciindia.org/internet-governance/pulication/it-act/hort-note-on-amendment-act-2008
National Cer ecurit Polic, 2013
In light of the growth of IT ector in the countr, the National Cer ecurit Polic of India
2013 wa announced Indian Government in 2013 et it actual implementation i till
miing. A a reult ͍eld like e-governance and e-commerce are till rik and ma
require cer inurance in the near future. It important feature include:
To uild ecure and reilient cer pace.
Creating a ecure cer ecotem, generate trut in IT tranaction.
24 x 7 NATIONAL CRITICAL INFORMATION INFRACTRUCTUR PROTCTION
CNTR (NCIIPC)
Indigenou technological olution (Chinee product and reliance on foreign oftware)
Teting of ICT product and certifing them. Validated product
Creating workforce of 500,000 profeional in the field
Fical enefit for uineman who accept tandard IT practice, etc.
For morehttp://deit.gov.in/ite/upload_͍le/dit/͍le/National%20Cer%20ecurit%20Polic%20(1).pdf
(http://deit.gov.in/ite/upload_͍le/dit/͍le/National%20Cer%20ecurit%20Polic%20(1).pdf )
Ongoing eԔort in India
The government ha conducted everal awarene and training programme on cer crime
for law enforcement agencie including thoe on the ue of cer Forenic oftware
package and the aociated procedure with it to collect digital evidence from the cene of
crime.
pecial training programme have alo een conducted for the judiciar to train them on the
techno-legal apect of cer crime and on the anali of digital evidence preented efore
them. oth the CI and man tate police organization are toda geared to tackle cercrime
through pecialied cer crime cell that the have et up.
Cer ecurit initiative and project in India are ver le in numer. ven if ome project
have een propoed, the have remained on paper onl.
The lit i long ut u㼂cient i to talk aout the project like National Critical Information
Infratructure Protection Centre (NCIPC) of India (http://ptl.in/crdci/?p=44), National
Cer Coordination Centre (NCCC) of India (http://perr4law.org/cecrdi/?p=850), Tri ervice
Cer Command for Armed Force of India (http://perr4law.org/cecrdi/?p=1083), Cer
Attack Crii Management Plan Of India (http://ptl.in/crdci/?p=254), etc. None of them are
“Coordinating” with each other and all of them are operating in di㼂erent and ditinct phere.
Recentl, the National Technical Reearch Organization (NTRO) wa entruted with the
reponiilit to protect the critical ICT infratructure of India (http://ptl.in/crdci/?p=248).
India ha alread launched e-urveillance project like National Intelligence Grid (NATGRID)
(http://ptl.in/clpic/?p=224), Central Monitoring tem (CM) (http://ptl.in/crdci/?
p=12), Internet p tem Network and Tra㼂c Anali tem (NTRA) of India
(http://ptl.in/clpic/?p=261), etc. None of them are governed an Legal Framework and
none of them are under Parliamentar crutin (http://perr4law.org/cecrdi/?
topic=parliamentar-overight-of-intelligence-agencie-of-india-i-needed). Thu, thee
project are violate of Civil Liertie Protection in Cerpace (http://ptl.in/clpic/) and
proviion of
National Informatic Centre (NIC) ha een formed which provide network ackone
Manage IT ervice, -GOV initiative to central and tate government.
takeholder agencie in India
Countering cer crime i a coordinated e㼂ort on the part of everal agencie in the Minitr
of Home A㼂air and in the Minitr of Communication and Information Technolog. The
law enforcement agencie uch a the Central ureau of Invetigation, The Intelligence
ureau, tate police organization and other pecialied organization uch a the National
Police Academ and the Indian Computer mergenc Repone Team (CRT-In) are the
prominent one who tackle cer crime. We will ee aout of few of them:
1. National Information oard (NI)
National Information oard i an apex agenc with repreentative from relevant
Department and agencie that form part of the critical minimum information infratructure
in the countr.
2. National Crii Management Committee (NCMC)
The National Crii Management Committee (NCMC) i an apex od of Government of India
for dealing with major crii incident that have eriou or national rami͍cation. It will alo
deal with national crii ariing out of focued cer-attack.
3. National ecurit Council ecretariat (NC)
National ecurit Council ecretariat (NC) i the apex agenc looking into the political,
economic, energ and trategic ecurit concern of India and act a the ecretariat to the
NI.
4. Department of Information Technolog (DIT)
Department of Information Technolog (DIT) i under the Minitr of Communication and
Information Technolog, Government of India. DIT trive to make India a gloal leading
plaer in Information Technolog and at the ame time take the ene͍t of Information
Technolog to ever walk of life for developing an empowered and incluive ociet. It i
mandated with the tak of dealing with all iue related to promotion & policie in
electronic & IT.
5. Department of Telecommunication (DoT)
Department of Telecommunication (DoT) under the Minitr of Communication and
Information Technolog, Government of India, i reponile to coordinate with all IP and
ervice provider with repect to cer ecurit incident and repone action a deemed
necear CRT-In and other government agencie. DoT will provide guideline regarding
role and reponiilitie of Private ervice Provider and enure that thee ervice Provider
are ale to track the critical optical ͍er network for uninterrupted availailit and have
arrangement of alternate routing in cae of phical attack on thee network.
6. National Cer Repone Centre – Indian Computer mergenc Repone Team
(CRTIn)
CRT-In monitor Indian cerpace and coordinate alert and warning of imminent attack
and detection of maliciou attack among pulic and private cer uer and organization in
the countr. It maintain 24×7 operation centre and ha working relation/collaoration and
contact with CRT, all over the world; and ectoral CRT, pulic, private, academia,
Internet ervice Provider and vendor of Information Technolog product in the countr.
6. National Information Infratructure Protection Centre (NIIPC)
NIIPC i a deignated agenc to protect the critical information infratructure in the countr.
It gather intelligence and keep a watch on emerging and imminent cer threat in trategic
ector including National Defence. The would prepare threat aement report and
facilitate haring of uch information and anali among memer of the Intelligence,
Defence and Law enforcement agencie with a view to protecting thee agencie’ ailit to
collect, analze and dieminate intelligence.
7. National Diater Management of Authorit (NDMA)
The National Diater Management Authorit (NDMA) i the Apex od for Diater
Management in India and i reponile for creation of an enaling environment for
intitutional mechanim at the tate and Ditrict level.
8. tandardization, Teting and Qualit Certi潲摮cation (TQC) Directorate
TQC i a part of Department of Information Technolog and i an internationall recognized
Aurance ervice providing organization. It ha alo etalihed a tet/evaluation facilit for
comprehenive teting of IT ecurit product a per IO 15408 common criteria ecurit
teting tandard.
9. The Cer Regulation Appellate Triunal
The Cer Regulation Appellate Triunal ha power to entertain the cae of an peron
aggrieved the Order made the Controller of Certifing Authorit or the Adjudicating
O㼂cer. It ha een etalihed the Central Government in accordance with the proviion
contained under ection 48(1) of the Information Technolog Act, 2000.The od i quaijudicial in nature
Intergovernmental organiation and initiative
Intergovernmental organiation and initiative. Here we will ee in rief, an overview of
intergovernmental odie and initiative currentl addreing cer ecurit at the polic
level.
Council of urope
The Council of urope help protect ocietie worldwide from the threat of cercrime
through the udapet Convention on Cercrime, the Cercrime Convention Committee
(T-CY) and the technical co-operation Programme on Cercrime. The udapet Convention
on Cercrime wa adopted on 8 Novemer 2001 a the ͍rt international treat addreing
crime committed uing or againt network and information tem (computer). It entered
into force on 1 Jul 2004.
Internet Governance Forum (IGF)
The IGF wa etalihed the World ummit on the Information ociet in 2006 to ring
people together from variou takeholder group in dicuion on pulic polic iue
relating to the Internet. While there i no negotiated outcome, the IGF inform and inpire
thoe with polic making power in oth the pulic and private ector.
The IGF facilitate a common undertanding of how to maximie Internet opportunitie and
addre rik and challenge. It i convened under the aupice of the ecretar-General of the
United Nation.
It mandate include the dicuion of pulic polic iue related to ke element of Internet
governance in order to foter the utainailit, routne, ecurit, tailit and
development of the Internet.
United Nation (UN)
The International Telecommunication Union (ITU) i the pecialized agenc of the United
Nation which i reponile for Information and Communication Technologie.
ITU deal alo with adopting international tandard to enure eamle gloal
communication and interoperailit for next generation network; uilding con͍dence and
ecurit in the ue of ICT; emergenc communication to develop earl warning tem and
to provide acce to communication during and after diater, etc.
Conference on Cerpace
The London Conference on Cerpace51 (1-2 Novemer 2011) wa meant to uild on the
deate on developing norm of ehavior in cerpace, a a follow-up to the peech given
UK Foreign Miniter Hague at the Munich ecurit Conference in Feruar 2011 which et
out a numer of “principle” that hould underpin acceptale ehavior on cerpace.
Meridian Proce
The Meridian proce aim to provide Government worldwide with a mean which the
can dicu how to work together at the polic level on Critical Information Infratructure
Protection (CIIP). Participation i open to all countrie and target enior level policmaker.
An annual conference and interim activitie are held each ear to help uild trut and etalih
international relation within the memerhip to facilitate haring of
NTmundial Confrence
In reaction to ping and urveillance activit National ecurit agenc of UA through
PRIM, NTmundial – Gloal Multitakeholder Meeting on the Future of Internet
Governance(23 April 2014 – 24 April 2014) wa organized in a partnerhip etween the
razilian Internet teering Committee and /1Net, a forum that gather international entitie of
the variou takeholder involved with Internet governance. Thi meeting focued on the
elaoration of principle of Internet governance and the propoal for a roadmap for future
development of thi ecotem.
Concluion
Communit in cerpace i aed on the interaction etween people. Cerpace ha an
important ocial apect to it that mut not e overlooked. Cerpace can e treated a a
channel touching portion of real pace at ke point. Idea are paed through the channel,
and uine i tranacted through thi channel. The cerpace communitie are memer of
the gloal communit interacting on a di㼂erent plane than in real pace.
With the huge growth in the numer of Internet uer all over the world, the ecurit of data
and it proper management pla a vital role for future properit and potentialit. It i
concerned with people tring to acce remote ervice i that the are not authorized to ue.
Rule for compulor wearing of helmet for iker government authoritie, ha no ene͍t
for them, it i for our own afet and life. ame we hould undertand our reponiilitie for
our own cer pace and hould at leat take care of afet for our peronal device. Thee
tep include intallation of antiviru oftware and keeping it updated, intalling peronal
͍rewall and keeping rule updated. We hould monitor and archive all ecurit log.
We hould have ackup of important data. Our device hould e protected paword and
there hould e retricted acce to enitive data on our device. And aove all, we hould
apire for more computer literac to undertand the afet iue related to our cer pace.
At the ame time we need to utilie the pecialiation of private ector in the ͍eld of cer
ecurit and government hould promote more PPP project for the national cer pace