Cyber security infrastructure in India

Reading time: 8-10 minutes.

Recently on 12th April 2020, the Ministry of Home Affairs advised that the video conferencing application i.e. Zoom is not a safe platform. Due to the pandemic, the country is undergoing a lockdown since 24th March 2020 and all the movements have been stopped except for the delivery of essential commodities. So due to this everyone is working from home through the help of internet. Some are working with the help of conference call, on the other hand, some are working on a video conference platform such as Zoom. Also, the courts are tackling the disputes with the help of video conferencing platform Zoom. In the advisory, the Home Ministry has asked people to take certain precautionary measures such as:

  • One should create a new User ID and password for each individual meeting.
  • The host should create a waiting room so that people can join the meeting only when the host prescribes permission to join.
  • Screen sharing feature should be only accessed by the host.
  • The host should disable the feature of “allowing the removed participants to rejoin”.

Significance of this development

India has a detailed and well-defined legal system in place. Many laws have been enacted and implemented like the Indian Penal Code 1860, the Indian Evidence Act 1872, the Code of Civil Procedure 1908, the Companies Act, and so on. However, the arrival of the internet has given rise to new and complex legal issues. It may be appropriate to say that the existing laws in India were enacted while keeping in mind the relevant political, social, economic, and cultural scenario of that relevant time. Nobody then could really visualize about the Internet. Despite the brilliant knowledge of our master draftsmen, the requirements of cyberspace could hardly ever be identified. As such, the coming of the Internet led to the emergence of numerous tricky legal issues and glitches which required the enactment of cyber laws.

In the present profoundly digitalized world, nearly everybody is influenced by digital law. For instance:

.

  • Practically all organizations widely rely on their PC systems and keep their important information in electronic structure.
  • Government structures including personal expense forms, organization law structures and so on are presently filled in electronic structure.
  • Customers are progressively utilizing credit/check cards for shopping.
  • The vast majority are utilizing email, telephones and SMS messages for correspondence.
  • Digital signatures and e-contracts are quick replacing regular strategy for executing business.

Cyber Security Laws in India

Provisions under Information Technology Act, 2000

Section 66 of IT Act, 2000 deals with the offences relating to computers and section 66A states the punishment for sending any kind of messages which are offensive in nature, and which, the wrongdoer knows to be false but he did it to cause annoyance, injury, or insult to the victim shall be sentenced for a term which may extend to three years with fine.

Section 66B of IT Act, 2000 says that a person shall be held liable for three years or with a fine which may extend up to one lakh rupees if the offender dishonestly receives or keeps a device which he knows to be stolen.

Section 66C of IT Act, 2000  defines the punishment for identity theft, such as electronic signature, shall be punished with the term of up to three years and shall also with the fine of one lakh rupees.

Section 67A of IT Act, 2000 says that any material which contains sexually explicit acts, when

transmitted or regulated on the internet by a person, will attract the liability under this section and the person would be punished for a term of up to five years with a fine of up to ten lakh rupees. And the punishment shall be exceeded to seven years and a fine of ten lakh rupees in case of a subsequent conviction.

Section 72 of IT Act, 2000 deals with the breach of confidentiality and privacy, it states that any person who has access to any document, information or other material, discloses that material shall be punished with a term of two years and also with a fine of the sum of one lakh rupees.

Provisions under Indian Penal Code, 1860

Section 354D of Indian Penal Code, 1860 defines stalking as any man who monitors the use of the internet by a woman shall be punished for a term of up to three years and with fine. The duration will be extended for five years with a fine on the subsequent conviction.

Section 416 of Indian Penal Code, 1860 defines cheating by personation as if a person pretends to be some other person other than who he actually is. The punishment of cheating is given under Section 417 which states that a person can be booked for a term of up to one year with fine or both. 

Institutions for protection against Cyber-crime

Cybercrime Prevention against Women and Children (CCPWC)

This scheme was launched by the Ministry of Home Affairs and deals with providing an effective mechanism that will help the victims of cybercrime to fight against it. This scheme allows the person to file an online complaint of such wrong content such as child pornography, child sexual abuse, and any other wrong content. Ministry has announced that a sum of Rs. 2,30,00,000 has been granted to NCT of Delhi for the setup of Cyber Forensic Lab Cum Training Center.

National Crime Records Bureau will identify objectionable content on receiving complainants and take action for its immediate removal. For this, NCRB has already been notified as Central Government nodal agency as to issue notices under Section 79(3)b of Information Technology Act, 2000.

Indian Computer Emergency Response Team (CERT-IN)

Indian Computer Emergency Response Team (CERT-In) is a government made Information Technology security Organization. The purpose behind CERT-In is to respond to computer security, report on vulnerabilities and advance powerful IT security rehearses all through the nation. CERT-In was made by the Indian Department of Information Technology in 2004 and works under the support of that division. As per the arrangements of the Information Technology Amendment Act 2008, CERT-In is answerable for directing the organization of the act. In the ongoing Information Technology Amendment Act 2008, CERT-In has been assigned to fill in as the national office to play out the accompanying capacities in the region of cyber security:

  • Collection, analysis and dissemination of information on cyber incidents.
  • Forecast and alerts of cyber security incidents.
  • Emergency measures for handling cyber security incidents.

Critical Information Infrastructure Protection Centre (NCIIPC)

National Critical Information Infrastructure Protection Centre (NCIIPC) is a government organization which has been created under Section 70A of IT Act, 2000 by the Government of India. Its headquarters is located in New Delhi, India.  Important function include to coordinate, share, monitor, collect, analyze, a national-level risk to CII for strategy direction, mastery sharing and situational mindfulness for early notice or alarms. The essential duty regarding ensuring CII framework lies with the organization running that CII. It has been designated as National Nodal Agency for Critical Information Infrastructure Protection. A report of the National Critical Information Infrastructure Protection Centre has identified the following as critical sectors:

  1. Power & Energy
  2. Banking, Financial Services & Insurance
  3. Telecom
  4. Transport
  5. Government
  6. Strategic & Public Enterprises

National Cyber Coordination Centre

National Cyber Coordination Centre has been implemented by the Indian Computer Emergency Response Team (CERT-In). NCCC derives its power from Section 69B of IT Act, 2000. It will be India’s first layer for digital risk checking and all correspondence with government and private specialist organizations will be observed by it. Its command is to check web traffic and correspondent metadata coming into the nation to distinguish continuous digital danger and alarm different associations.

NCCC additionally will arrange between intelligence agencies, explicitly during system interruptions and cybercrimes. It will have virtual contact with the control room of all ISPs to check traffic inside the nation, streaming at the purpose of passage and exit, including worldwide portal. Aside from observing the internet, the NCCC will likewise investigate different dangers presented by digital assaults. It will have top specialists from the digital security field and will run like comparable association in different nations, for example, the US, the UK, France, Germany, and so on.

Data Security Council of India (DSCI)

Data Security Council of India is a body established in the year 2008 by the National Association of Software and Service Companies (NASSCOM). NASCOM is a non-profit organization that was set up in 1988. In 2013, NASSCOM started “10,000 new companies” in the nation. Its principal objective is to start 10,000 new companies in the nation by 2023. The NASSCOM under its supervision operates Data Security Council of India. The core aim of the Data Security Council of India is to protect national interest by protecting the data. It additionally outlines the gauges and activities for keeping up with protection and other cybercrimes standards. It likewise arranges meetings and makes basic stages for the enterprises, thinks tanks and different pioneers of the information insurance industry to meet up.

Conclusion

In the end, we can say that a crime-free society does not exist in today’s time so precautionary measures should be taken to tackle the crime. Also, as the technology is enhancing day by day more crimes are reported on electronic frauds. Information Technology Act, 2000 and Indian Penal Code, 1860 contains the provisions for punishing the offenders or the wrongdoers against the cybercrime. One should know the methods of filing the complaint online for the cybercrime committed against them. Rallies, workshops, online seminars should be organized so that the people who are unaware about the methods to tackle the cybercrime should be made aware of. Wide ranges of information whether it is personal, governmental, or corporate, need high security.

A portion of the information, which has a place with the administration guard framework, logical research and advancements, banks, protection innovative work association can be greatly affected by even a small amount of negligence to these data So while concluding we can say that as it is rightly said, “Precaution is better than cure” and thus, precautionary measures should always be taken to keep everything safe and secure.

Author: Abhinav Rana from University School of Law and Legal Studies, GGSIPU.

Editor: Arya Mittal from Hidayatullah National Law University, Raipur.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s