Effectiveness of cyber laws in India
In this era, we talk about privacy and its concern on a daily basis. Cybercrime refers to the crime in which a computer or network systems are the object of a crime or used as a tool for committing an offence. Cyber-criminals may use any means to gain access to personal information, trade secrets or for any other malicious purposes.
The basic educative question is what one should do when there is a cyberattack, this could include financial fraud, cyber bullying or any other cyber-crime. Fuelled by internet and mobile penetration, we have seen rapid growth of cyber-crime in India, giving rise to many unsolved cases. In India, Community Emergency Response Team (CERT) is the agency which takes care of collection, analyses information on cyber-attacks, forecasts and alerts for cyber incidents. One could report the incident on their website.
“Aurora Generator Test”, an experimental cyber-attack conducted in 2007, during which the researchers found that by altering the software of a power generator remotely, they could cause the turbines to set fire and thus eventually cause serious damage to the generator. These types of examples are a relevant threat from cyber terrorists on the Industrial Control Systems (ICS) and Building Control Systems (BCS). The question arises what type of forensics could be done and how can these cyber-attacks be prevented from happening again in the future?
Fastest growing threat is cyber terrorism, not only to individuals or organizations, but to nations as a whole, we must ensure that the correct methods of prevention are being taken into considerations. As there are no easy answers to this, and depending on the severity of the cyber-attack, it could take weeks and even months to determine the answers to these two questions.
This is due to the lack of resources or lack of motivation on an individual or organizational level. The answers could be found via the means of conducting various, in depth penetration testing exercises. This involves both getting into recon on potential threats and managing current threats accordingly.
An effective way to address these risks is to create a culture of security. Security culture refers to the set of values in terms of cyber security, shared by everyone in an organization. This determines how one is expected to think about it. Building security culture right will develop a security conscious workforce, and promote the desired security behaviours one wants from staff.
A simple checklist which could have dos and don’ts which could help the organization build a security culture. As said culture eats strategy for breakfast, once implemented to the core, 80-90% of the attacks could be prevented.
It is a tenacious effort of government and lawmakers to ensure that technology grows in a healthy manner and is used for legal and ethical business growth and not for committing crimes. Easier said than done, it takes a lot of effort to change the behaviour of human beings.
To start with the government and industry leaders should come into collaborations and start developing recognition and they should conduct events like Capture The Flag (CTF) activities and they should have problem statements on hackathon on cyber security.
Composed by Dhruv Singh, cybersecurity expert