
Cybersecurity and the Indian Cyber Laws

Introduction

Cyber security is an abstract concept comprising everything from desktops to smartphones, software, web and mobile applications, clouds, servers, and the entire infrastructure supporting the vital business processes. The growing interaction between people and technology-based services has led to the evolution of cyberspace with people being able to store any type of information (in various forms) and interplay with technology at their convenience. 

This type of interlinkage, however, can prove to be as fatal as it is beneficial due to its tendency of being misused by cybercriminals. To maintain the integrity of this relationship between man and technology, certain laws and governance frameworks were created and mandated.

What are Cyber Crimes? 

Any crime related to or concerning information systems could be labeled a Cyber Crime. Cyber crimes are defined as unlawful acts where –

  1. Crime is committed by using the computer as a tool, like Cyber Terrorism, IPR violations, and Credit Card or fund transfer frauds.
  2. The computer can also serve as a target of criminal activities, such as Hacking, Virus/Worms attacks, and DoS attacks.
  3. Or a computer is both the means and the target of these illegal activities.

A very common example of cybercrime could be the hacking of a social media account, like Facebook or Instagram. Other instances can include various virus-based attacks, spoofing, cyberstalking, pornography, e-mail bombing, and crimes related to finances or intellectual property. 

Categorization of Cyber Crimes

Cyber crimes can be categorized based on their targets.

  1. Crimes against people
  2. Crimes against individual property 
  3. Crimes against government

1. Crimes Against People

Crimes like these usually target individuals and affect them financially, mentally, or physically.

  • Hacking – It involves a complete infiltration of the victim’s personal information to harm the individual, whether financially, mentally, or physically. An attacker bypasses an IT-enabled technology by gaining unauthorized access to it.
  • Cyber Bullying – The repeated and deliberate harassment of an individual forms the core of cyberbullying. The most common example of such bullying can be people leaking private pictures or videos to harass their partners, friends, or anyone else. It is most common among teenagers, particularly school students.
  • Defamation – This crime includes hacking into an individual’s or an organization’s email or other social media accounts to send obscene content to their connections and defame their credibility. 
  • Cyber Stalking – In this, the attacker, pretending to be an anonymous user, harasses a victim using the information media. Cyberstalking is the online equivalent of being followed around by a person through emails, instant messaging, social networking sites, or interactions over various chat groups or websites. 

2. Crimes Against Property

Through technological advancements, property trading is not limited to the same country or region. It has gained international footing, and to manage this process, electronic management systems have replaced paper-based management. This technological factor adds to the risk of various cyber crimes in this domain.

  • Cyber Squatting – It is the process of illegally acquiring someone’s property through unfair means. A common example includes registering a look-alike domain of famous websites. 
  • Cyber Vandalism – Cyber Vandalism refers to the act of destroying computer infrastructures or the information saved in them, by extracting login credentials from a system or erasing valuable information from hard drives. 
  • Intellectual Property Crimes – This category of cyber crime includes Software piracy, infraction of patents, copyrights, trademarks, official blueprints, and many more such documents. 
  • Hacking Systems – In this, cybercriminals attack a computer system with the sole purpose of destroying information to harm the credibility of a system or individual.

3. Crimes Against Government

Many cyber attacks target the government of a nation or that of other countries. Some of them are –

  • Cyber Terrorism – Activities like Denial of Service (DoS) attacks, and attacks that target sensitive networks to damage Critical Information Infrastructure (CII) are referred to as Cyber Terrorism. Terrorists who practice such criminal activities interact with each other via emails that are either encrypted or secured with some kind of secret code.
  • Cyber Warfare – To gather military data of a different country, the attacker deliberately targets the information system of that nation to gain a military advantage over it. This data is used against that particular nation to disrupt wars. 
  • Pirated Software – Piracy is an ongoing headache for the protectors of information systems. When used against the government, piracy can prove to be a significant issue. The pirated software damages and destroys confidential government records.
  • Acquiring Unauthorized Information – Through their widespread network, attackers can acquire confidential information about a nation’s politics, economy, religions, social issues, and other important domains that affect the governance of that nation, thereby posing a threat to the wellbeing of that nation. 

INDIAN CYBER LAWS

The Cyber Security Law of India, or the Information Technology Act, was composed after the General Assembly of the United Nations passed a resolution in January 1997 that, inter alia, recommended that all States in the UN give favorable consideration to the proposed Model Law, which recognized electronic records and accorded them the same treatment as paper communication and records.

The Information Technology Act was then passed as a bill and was approved by the Union Cabinet on May 13, 2000. It then received the assent of the President of India on 9 June 2000 and was titled the ‘Information Technology Act, 2000’. The Act was made effective from 17 October 2000 onwards.

The act originally dealt with – 

  1. Legal Recognition of Electronic Documents
  2. Legal Recognition of Digital Signatures
  3. Offenses and Contraventions
  4. Justice Dispensation Systems for Cyber Crimes

But since technology is an ever-evolving component, the laws had to be revised. Due to this, the Information Technology Act of 2008 was acknowledged. It came into effect on 27th October 2009.

The Information Technology Act 2008 aimed to pursue technological neutrality, addressing certain shortcomings and insufficiencies in the original Act. It aspired to help accommodate the future development and the related security concerns of the IT sector. 

The revised Act includes the following provisions regarding data protection and privacy.

  1. Electronic Signature – To make the Act more ‘technologically neutral’, the term ‘Digital signature’ has been replaced by ‘Electronic signature’, since the latter represents the guardianship of various types of digital marketing, while the former only illustrates a specific type of electronic signature.
  2. Cyber Terrorism – The amendment subsumed the concept of cyber terrorism and established punishments for it after the events of 26/11. Cybercrime has stretched its horizon under Section 66 with various crucial cybercrimes along with Section 66A, which penalized the exchange of “offensive messages”. However, Section 66A was later struck down after it was realized to violate one’s fundamental right to freedom of speech and expression.
  3. Child Pornography – A set of sections has been arranged under Section 67 to acknowledge the crime of publishing child pornography as a heinous act. Along with this, a reduction in the term of imprisonment was addressed, along with the increased fine for publishing obscene material in electronic form.
  4. Cyber Cafe Rules – Cyber cafes have always been a major hub for the exchange of obscene emails, identity theft, and net banking frauds, but the exclusion of cyber cafe security in the Act has failed to resolve this issue. The 2008 IT Act explicitly includes and defines these issues under the ‘intermediaries’.
  5. Government Monitoring – In the original Act, the Telegraph Act restricted the government to monitor and listen in on phone calls, or read messages or emails of the public due to the condition of public emergency and safety, but the new Act expels such restrictions, extending the government’s authority.

Adhere to Cyber Laws with Kratikal

Cyber laws are unique to every country and enforced under law, and compliances carry policies that pave the way to abide by these industry, individual, and government legislations.

For organizations to function in the cyber security field, they must comply with certain standards. These standards are nothing but rules and regulations set by the governments of various countries based on their IT rules.   

Kratikal is a CERT-In Empanelled security solutions firm that provides auditing for both regulatory and standard compliances, such as ISO 27001, a security standard loyal to the data security requirements imposed by the Act, SOC2, PCI-DSS, HIPAA, and many more, along with a complete suite of VAPT testing, both manual and automated. 

Auditing for these standards makes a company more efficient and deems it trustworthy in a field plagued by deceit.


*** This is a Security Bloggers Network syndicated blog from Kratikal Blogs authored by Deepti Sachdeva. Read the original post at: https://www.kratikal.com/blog/cybersecurity-and-the-indian-cyber-laws/