Cyber security has become a priority issue for stakeholders’ around the world. Though governments are slow to adapt to cyber security requirements yet there is no escape from the necessity to have a robust and resilient cyber security infrastructure. India has been adopting technology driven project that have little cyber security support. For instance, cyber security for Digital India, e-governance, e-commerce, etc is still missing in India. Till now India is a sitting duck in cyberspace and civil liberties fields and it must be suitably prepared to deal with the cyber security challenges that would further increase in India in the near future.
There are many cyber law and cyber security obligations of Directors of Indian companies that are still not fulfilled by them. Indian government is also slow in enforcing these cyber law and cyber security obligations of Indian directors. The recent judgment of Supreme Court of India on Sections 66A, 69A and 79 of Information Technology Act, 2000 has further killed cyber law due diligence requirements in India to a great extent. This judgment must be reviewed by the Supreme Court to remove the unintended consequences of the same.
The at Centre of Excellence for Cyber Security Research and Development in India (CECSRDI) has suggested that Narendra Modi government must formulate the Cyber Security Policy of India 2015 as soon as possible. The Cyber Security Policy of India 2013 is suffering from many shortcomings that must be removed in the 2015 policy. India must also be cyber prepared to protect its cyberspace.
CECSRDI has also suggested that a dedicated cyber security law of India is need of the hour. The same must be a techno legal framework keeping in mind contemporary cyber security threats. Further cyber security disclosure norms in India must be formulated by Modi government. The cyber security awareness in India must be further improved with a special emphasis upon clearly specifying the cyber security obligations of directors of Indian companies.
The Cyber Security Trends of India 2015 by CECSRDI have outlined that state sponsored cyber attacks and an increased use of malware is on the cards. Cyber security of banks in India is need of the hour as cyber criminals have been targeting banking and financial institutions in India for long. Even the capital markets of India are vulnerable to sophisticated cyber attacks. The Securities and Exchange Board of India (SEBI) has been mandated to regulate the entire gamut of capital markets in India and it is required to ensure cyber security of capital markets as well.
Now it has been reported that SEBI has expanded the ambit of its Technical Advisory Committee (TAC) to include cyber security of the markets. CECSRDI welcomes this move of SEBI and is committed to help it in every possible manner to achieve this benign cyber security objective.
The five-member TAC formed in 2010 is headed by Ashok Jhunjhunwala, faculty-member, Indian Institute of Technology-Madras. The other members are H Krishnamurthy of the Indian Institute of Science (Bangalore), Abhay Karandikar of IIT-Bombay and Vibhakar Bhushan of Trignon Business Consulting and Synchosoft.com.
The TAC advises SEBI on various policy and internal technological safety issues. It also aids the regulator on framing appropriate policies arising out of technological advancements in areas such as wireless trading, co-location, algorithmic trading, smart order routing, Application Programming Interface (API). SEBI is particularly worried about the growing cyber crimes that have become complicated and stealth in nature. State sponsored attacks are also a caused of concern for various cyber security stakeholders. SEBI believes that Indian capital market needs a framework for future plan of action on securities market resilience.
This move of SEBI aims at securing the data, applications, database, operating systems and network layers of (FMIs) from various forms of cyber attacks such as Denial of Service (DoS) attacks, phishing, hacking, man-in-the-middle attack, sniffing, spoofing, key-logging and malware attacks. Critical infrastructure protection in India (PDF) is still struggling to deal with sophisticated cyber attacks and malware. In the past it was declared that NTRO would protect the critical ICT infrastructures of India. The National Critical Information Infrastructure Protection Centre (NCIPC) of India has also been established to protect Indian critical infrastructures. Nevertheless, cyber security of critical infrastructure of India is yet to be achieved.
CECSRDI hopes that Indian government and authorities like SEBI would help in securing Indian critical infrastructures like banks, capital markets, etc very soon. The starting point can be the cyber security policy of India 2015 as already suggested by CECSRDI.