
Commander Mukesh Saini
The Cyber Security Act of India
The Information Technology Act 2000 came into being to enable e-commerce and meet India’s commitment to the United Nations. The primary objective was to enable and empower the user to make on-line transaction which can be recognise by the government and courts. Certain civil and criminal liabilities were introduced to strengthen the confidence on the net based transactions.
The world has moved on since year 2000, and now information technology impacts every aspect of human life. The nation states, non-state actors, Cyber terrorists, organised criminals to common mischief makers use the Internet based applications. The Information technology Act 2000, which is an enabler for the usage of the networks cannot effectively perform the act inhibitor for the network. The involvement of technology has become so great that IT Act half-baked procedures are being used at par with Major Acts. This information is already shared with the government
In short by design, the Information Technology Act cannot look into all aspects of cyber security. Some of the provisos which the proposed Cyber Security Act should cover are given below,.
The Cyber Security Act of India
(only structure)
Shades of Threats in Cyberspace
Cyber war
Cyber social invasion
Cyber intelligence
Cyber surveillance
Cyber Espionage
Cyber Terrorism
Cyber Crime
Cyber infraction
Financial assurance framework
Electronic Financial transactions
E-Commerce
E-Contract (especially long life e-contracts viz-a-viz life limitation of electronic signature)
Taxation
* Physical products and Digital products
* Transactions Within India
* Purchases from outside India
* Sale to outside India entity
Foreign currency management in online transaction
Virtual Currency
Virtual barter system
Online Identity management
Managing identification, authentication, accuracy and non-repudiation
Indian Public Key Infra structure
International Public Key Infrastructure integration
Organisational Key generation and management infrastructure
Non-PKI based Electronic signature or ID
ID Technology management and ID technology roll-over
Electronic signature or ID of devices
Standards, Audits, Certification and Accreditation
International Organisation of Standards
International Telecommunication Union
Indian Standards
National Accreditation Board
Department of Electronics and Information Technology (STQC)
Support, sharing and coordination
Intra-government coordination
Critical Infrastructure entities and organisations
Intra-Sectoral ( Private as well as public)
With International nations and entities
Proactive Watch and Warning
Incident reports and periodic returns
Decryption and interception
Procedures
Privacy Safeguards
Responsibility and Accountability
* Citizens
* Entities
* LEA
* Service Providers
International cooperation
National Cyber Security Structures
Cyber Security Commission ( Like ISRO/ Atomic Energy Commission)
National Information Board
National Cyber Security Coordinator
Web of Certs/ Cyber Coordination Centres
Ministry of Electronics and Information Technology
NTRO / NIIPC
Industry Confederations and organisations
Law Enforcement Agencies
Judiciary
Cyber Forensic Labs
Private Cyber Investigation
Xx
yyy
zzzz
International Cooperation
Inter nation-state investigation procedure
International Cooperation and coordination for cyber security
Extradition
Investigation support bi-lateral & multi lateral agreements
Cyber crime control
Computer as source of crime
Cyberspaces as medium for crime
Computer as Victim of crime
Crime committed by machines of their own
Inducing for crime or suicide
Organised cyber crime
Cyber crime against children
Consolidation of minor crimes into large crime
Offender and victim both within Indian Territory but Cyber resource used are outside India
Offender and victim both outside the Indian Territory but Cyber some resource used are within India
Offender, victim and resources with in India
Electronic Evidence management and investigation procedures
Qualification and rating of cyber forensic experts, tools and software
Search procedure for electronic evidence
Procedure for seizure of electronic evidence by investigating agency
* By non-technical investigator
* With help of Cyber Forensic experts
* Urgency versus procedure (where, when and how)
Procedure for search and seizures in cases of, Non-Cognizable offences and civil offences.
Electronic evidence analysis and use of data analytics.
Privacy, redaction and anonymising
Electronic evidences searched, seized or analysed by person(s)/ entity(s) outside India.
Offences
Civil Offences
Criminal Offences
Miscellaneous issues
Rating Agencies
Education, awareness and skill development
Innovation management, Research & Development
Future Technologies & their convergence
Proposed by : - Commander Mukesh Saini ( Retd.)