The Information Technology Act 2000 came into being to enable e-commerce and meet India’s commitment to the United Nations. The primary objective was to enable and empower the user to make on-line transaction which can be recognise by the government and courts. Certain civil and criminal liabilities were introduced to strengthen the confidence on the net based transactions.

The world has moved on since year 2000, and now information technology impacts every aspect of human life. The nation states, non-state actors, Cyber terrorists, organised criminals to common mischief makers use the Internet based applications. The Information technology Act 2000, which is an enabler for the usage of the networks cannot effectively perform the act inhibitor for the network. The involvement of technology has become so great that IT Act half-baked procedures are being used at par with Major Acts. This information is already shared with the government

In short by design, the Information Technology Act cannot look into all aspects of cyber security. Some of the provisos which the proposed Cyber Security Act should cover are given below,.

The Cyber Security Act of India

(only structure)

Shades of Threats in Cyberspace

• Cyber war

• Cyber social invasion

• Cyber intelligence

• Cyber surveillance

• Cyber Espionage

• Cyber Terrorism

• Cyber Crime

• Cyber infraction

Financial assurance framework

• Electronic Financial transactions

• E-Commerce

• E-Contract (especially long life e-contracts viz-a-viz life limitation of electronic signature)

• Taxation

* Physical products and Digital products

* Transactions Within India

* Purchases from outside India

* Sale to outside India entity

• Foreign currency management in online transaction

• Virtual Currency

• Virtual barter system

Online Identity management

• Managing identification, authentication, accuracy and non-repudiation

• Indian Public Key Infra structure

• International Public Key Infrastructure integration

• Organisational Key generation and management infrastructure

• Non-PKI based Electronic signature or ID

• ID Technology management and ID technology roll-over

• Electronic signature or ID of devices

Standards, Audits, Certification and Accreditation

• International Organisation of Standards

• International Telecommunication Union

• Indian Standards

• National Accreditation Board

• Department of Electronics and Information Technology (STQC)

Support, sharing and coordination

• Intra-government coordination

• Critical Infrastructure entities and organisations

• Intra-Sectoral ( Private as well as public)

• With International nations and entities

• Proactive Watch and Warning

• Incident reports and periodic returns

Decryption and interception

• Procedures

• Privacy Safeguards

• Responsibility and Accountability

* Citizens

* Entities

* LEA

* Service Providers

• International cooperation

National Cyber Security Structures

• Cyber Security Commission ( Like ISRO/ Atomic Energy Commission)

• National Information Board

• National Cyber Security Coordinator

• Web of Certs/ Cyber Coordination Centres

• Ministry of Electronics and Information Technology

• NTRO / NIIPC

• Industry Confederations and organisations

• Law Enforcement Agencies

• Judiciary

• Cyber Forensic Labs

• Private Cyber Investigation

• Xx

• yyy

• zzzz

International Cooperation

• Inter nation-state investigation procedure

• International Cooperation and coordination for cyber security

• Extradition

• Investigation support bi-lateral & multi lateral agreements

Cyber crime control

• Computer as source of crime

• Cyberspaces as medium for crime

• Computer as Victim of crime

• Crime committed by machines of their own

• Inducing for crime or suicide

• Organised cyber crime

• Cyber crime against children

• Consolidation of minor crimes into large crime

• Offender and victim both within Indian Territory but Cyber resource used are outside India

• Offender and victim both outside the Indian Territory but Cyber some resource used are within India

• Offender, victim and resources with in India

Electronic Evidence management and investigation procedures

• Qualification and rating of cyber forensic experts, tools and software

• Search procedure for electronic evidence

• Procedure for seizure of electronic evidence by investigating agency

* By non-technical investigator

* With help of Cyber Forensic experts

* Urgency versus procedure (where, when and how)

• Procedure for search and seizures in cases of, Non-Cognizable offences and civil offences.

• Electronic evidence analysis and use of data analytics.

• Privacy, redaction and anonymising

• Electronic evidences searched, seized or analysed by person(s)/ entity(s) outside India.

Offences

• Civil Offences

• Criminal Offences

Miscellaneous issues

• Rating Agencies

• Education, awareness and skill development

• Innovation management, Research & Development

• Future Technologies & their convergence

Proposed by : - Commander Mukesh Saini ( Retd.)