For instance, smart cities have unique and techno legal cyber security and civil liberties issues that are still not managed by Indian government. Similarly, Digital India project of Indian government is also suffering from many shortcomings and absence of cyber security infrastructure is one of them. As a matter of fact, cyber security infrastructure of India is missing and starting technology oriented projects in these circumstances is a big risk and gamble.
The cyber security trends in India 2016 by Perry4Law Organisation (P4LO) have predicted an increased number of cyber attacks against India. The trends have also outlined that there would be an increase in use of malware and ransomware against various stakeholders in India in the year 2016. As on date, malware are defeating cyber security products and services world wide and India is no exception to this situation. What is most alarming is absence of legal frameworks and guidelines regarding cyber security issues in India.
The correlation between a legal framework and cyber security is not difficult to anticipate and conceptualise. Cyber security compliances require adherence to certain well established legal principles. The moment a cyber security breach occurs; many legal issues and compliance requirements are automatically invoked.
For instance, in a typical cyber attack, it becomes imperative to ascertain and find the originator of such attack. The requirements to engage in first instance analysis, e-discovery and cyber forensics also arise due to such cyber attack. The reporting requirement to the compliance and regulatory authorities also arise.
However, none of this applies to Indian companies and individuals that are facing cyber attacks no matter howsoever sophisticated and damaging such cyber attack are. In India companies and individuals are not reporting cyber security breaches and attacks to the government and its agencies. The cyber security developments in India 2015 by P4LO short listed all these shortcomings of Indian cyber security initiatives.
The Indian government has in the past declared that cyber security breach disclosure norms of India would be formulated very soon. However, till now no action has been taken in this regard and companies and individuals are still not reporting cyber security breached to Indian government and its agencies.
For instance, cyber crimes and cyber attacks against banks of India is a very common phenomenon in India. However, banks of India are not only lax while maintaining cyber security but they are also not disclosing such cyber crimes and cyber attacks due to fear of adverse publicity and regulatory penalties. This is creating more problems for the bank customers in general and banking cyber security in India in particular.
The Information Technology Act, 2000 (IT Act 2000) is the sole cyber law of India. However, it is not capable of forcing the companies and individuals to disclose cyber security breaches and cyber crimes. Nevertheless, the rules under the IT Act, 2000 prescribe cyber law due diligence (PDF), internet intermediary liability, reasonable cyber security practices, etc. they indirectly cover some aspects of cyber security disclosure norms. But they are not sufficient to meet the demands of present times.
Indian Parliament needs to enact a dedicated cyber security law of India that can cater all these regulatory and compliance requirements. Such a law needs to take into consideration techno legal requirements of cyber security. The sooner such a law is enacted the better it would be for the national interest of India as cyber security is an essential and integral part of the national security policy of India.