Cyber Security must be an “Essential Part of the National Security” of all Nations. Further, the Cyber Security Policy must also be “Integrated with the National Security Policy” of all Nations. In India, we have “Not Integrated” the Cyber Security Policy with the National Security Policy. As a result we have “Isolated and Uncoordinated Polices and Authorities” where each acts Independently and without any Coordination with the other. This fact has been reiterated by the Cyber Security Trends and Development in India 2013 (PDF) provided by Perry4Law and Perry4Law’s Techno Legal Base (PTLB).
For instance, we have proposed National Critical Information Infrastructure Protection Centre (NCIPC) of India, National Cyber Coordination Centre (NCCC) of India, Tri Service Cyber Command for Armed Forces of India, etc. However, none of them are “Coordinating” with each other and all of them are operating in different and distinct spheres.
Meanwhile, Cyber Crimes, Cyber Attacks, Cyber Security Incidences, Cyber Warfare, Cyber Terrorism, Cyber Espionage, etc are on rise World over. India is no exception to these Cyber Threats. The Cyber Security Infrastructure in India needs to be “Strengthened” with both Offensive and Defensive Cyber Security Capabilities to tackle these CyberAttacks that have become “Really Sophisticated”. Malware like Stuxnet, Duqu and Flame have simply proved that Traditional Cyber Security Protections are “Irrelevant and Useless”. Similarly, the combined use of Radio Waves and Malware, as used by United State’s NSA for World Wide E-Surveillance, is also well outside the Tradition Cyber Security Capabilities to prevent.
These Malware used Cyber Attack Methods and Vectors that are far beyond the Capacity of Traditional Cyber Security Mechanisms to Trace and Prevent. This becomes a serious Cyber Security Issue when Critical ICT infrastructures are at stake. For instance, the Critical Infrastructure Protection in India and its Problems, Challenges and Solutions (PDF) are still to be looked into with Great Priority by Indian Government. It is only now that India has declared that NTRO would protect the Critical ICT Infrastructures of India. Similarly, a Tri Service Cyber Command for Armed Forces of India is in Pipeline. Nevertheless, the Cyber Security Infrastructure of India is Weak and it must be Improved as soon as possible.
Countries across the World have started to strengthen their Cyber Security Capabilities. While protecting their own Cyberspace domain, various Countries must understand that Cyber Security is an International Issue (PDF) and not a National one. Therefore, an International Cyber Security Treaty is Required (PDF). As far as India is concerned, the Cyber Warfare Policy of India (PDF) and E-Surveillance Policy of India (PDF) must be urgently drafted and implemented. Similarly, Self Defence and Privacy Protection in India must be ensured.
India has taken a “Totally Defective Stand” in this regard. India has decided to use E-Surveillance instead of creating Sound Cyber Security Capabilities. For instance, India’s own Projects like Aadhar, National Intelligence Grid (NATGRID), Crime and Criminal Tracking Network and Systems (CCTNS), National Counter Terrorism Centre (NCTC), Central Monitoring System (CMS), Centre for Communication Security Research and Monitoring (CCSRM), Internet Spy System Network And Traffic Analysis System (NETRA) of India, etc are violative of Civil Liberties Protection in Cyberspace. None of them are governed by any Legal Framework and none of them are under Parliamentary Scrutiny. The Privacy Rights in India in the Information Age and Data Protection Laws in India and Privacy Rights in India (PDF) need to be ensured by Indian Government as well.
We also lack an “Implementable” Crisis Management Plan of India for Cyber Attacks and Cyber Terrorism. Recently, Huawei was accused of Breaching National Security of India by Hacking Base Station Controller in Andhra Pradesh. Similarly, Cyber Security of E-Governance Services in India is needed. We have no Cyber Crisis Plan that can be “Set into Motion” the moment an “Adverse Cyber Event” occurs. Of course, “On Papers” we may have the best Cyber Crisis Management Plan of the World.
There is an urgent need to have an “Implementable” Cyber Attacks Crisis Management Plan of India. The same must be “Holistic” in nature and must have “Coordinative Capabilities” so that various Policies and Authorities can “Act at Once” the moment an “Adverse Cyber Event” occurs against India.