SHIELDING INDIA: STRENGTHENING CYBER DEFENCE AGAINST CRIME
WHY IS CYBERCRIMES IN THE SPOTLIGHT?
“Cybercrime” has grown to be a widespread and worrying problem in today's digital society. It poses a serious risk toindividuals and organizations, from hacking and data breaches to online scams. Still. “Cybercrime” has become ahousehold term in today’s digital society known to almost everyone. Then why has “cybercrime”gained aspotlight recently in the news, specifically in India? It is because the Ministry of Electronics and IT, has made a press release with the heading, “Prevention of Cyber Crimes”, in which it specifies the steps taken by the government to deal with cybercrimes. The state finally decided, to take the initiative towards the upsurge of cybercrimes taking place in various parts of India, giving special mention to the “phishing” originating from some parts of Jharkhand, which is well-known throughout India and wasfocus of all kind of media in India from time and time again, and also hasa Netflix documentary by the name of “Jamtara”.
TYPES OF COMMON CYBERCRIMES:
1. Distributed Denial-of Service (DDoS) Attacks: These are used to flood a website with traffic from many sources to render an online service unavailable and bring the network down.
2. Botnets: Botnets are hacked computer networks externally managed by remote hackers. Through these botnets, the remote hackers send spam or launch attacks on other computers.
3. Identity Theft: When a criminal accesses a user's personal or confidential information, they may try to damage that user's reputation or demand ransom.
4. Cyberstalking: This type of cybercrime comprises online harassment, in which the victim receives a deluge of emails and messages. Cyberstalkers typically threaten and terrorise a user through social media, websites, and search engines.
5. Phishing: It is a particular form of social engineering assault that isused to acquire user information, such as login information and credit card details. It happens when an attacker deceives a victim into opening an email, instant message, or text message by disguising themselves as a reliable source.
“Challenges in Combating Cybercrime in India"
1. Lack of Cyber security awareness: Due to this limited awareness in India makes the citizens both vulnerable to cybercrime and further adds to the inadequate reporting of cyber incidents, hindering the understanding of the full extent of the cybercrimes in the country.
2. Inadequate reporting: Cybercrimes are significantly underreported in India for a number of reasons, including concerns over reputational harm or a lack of faith in law enforcement. Due to this, it is impossible to determine the full scope of cyberthreats and the happening oflaw enforcement activities.
3. Inadequate Cybersecurity Infrastructure in the Public and Private Sector: This is one of the biggest problem with cybercrime and is the main issue which has been addressed by the government. In the Public sector the problem is very transparent due to the lack of specialized departments, police force, shortage of skilled Cybersecurity professionals, etc. and also the absence of a separate Procedural Code.
The private sector has seen many large investments especially in the Information Technology (IT), Electricity and Telecom sectors, and they favour the profit-friendly infrastructure mind-set rather than the protective infrastructure, because they believe that investments in cyberattack readiness may not yield excellent returns, operators do not invest in defensive infrastructure; instead, they concentrate exclusively on the profitable infrastructure.
4. Jurisdictional problems: Because cybercrime frequently crosses borders, there are often issues with jurisdiction. To effectively combat cross-border cybercrime, coordination between various law enforcement organizations and international collaboration is required. This problem has also been addressed by the government with the introduction of CERT-In.
5. Insufficient Cyber Laws, Regulations and the rapidly growing cybercrimes: The constant development of new tactics and approaches by cybercriminals allows them to stay one step ahead of conventional cybersecurity solutions.India's legal system was thought to be out-of-date and deficient in comprehensive provisions for dealing with cybercrime. In2008, changes were made to the Information Technology Act of 2000.
6. Anonymity and Pseudonymity Online: The internet's ability to provide pseudonymity and anonymity makes it difficult to track down and prosecute cybercriminals and identify their whereabouts.
GOVERNMENTAL STEPS TOWARDS PREVENTION OF CYBERCRIMES:
The government accepts that, according to the Seventh Schedule of the Indian Constitution, "Police" and "Public Order" are State matters. Through their Law Enforcement Agencies (LEAs), states and UTs are largely in charge of the prevention, detection, investigation, and punishment of crimes, including cybercrime. The Central Government supports the efforts of the State Governments by providing guidance and financial support through a variety of programs for their capacity building.
According to the Ministry of Home Affairs (MHA), in order to support the States and UTs' efforts in establishing cyber forensic-cum-training laboratories, provide training, and hire junior cyber consultants, the Ministry of Home Affairs has provided financial assistance to them under the Cyber Crime Prevention against Women & Children (CCPWC) scheme. In 28 States, cyber forensic-cum-training laboratories have been established. The Central Government has taken action to increase public awareness of cybercrimes, including the issue of alerts and advisories, capacity building and training for law enforcement, prosecutors, and judicial officials, as well as the development of cyber forensic tools.
What is CERT-In?
Indian Computer Emergency Response Team (CERT-In), operates as an automated cyber threat exchange platform to promptly collect, analyzeand share alerts for proactive threat mitigation, regularly publish advisories on the most recent cyber threats, vulnerabilities, and protective measures for networks and systems. CERT-In co-operates with all the International CERTs, and overseas organizations, service providers as well as Law Enforcement Agencies to work and coordinate various incidents. It also provides the requisite leadership for the Computer Security Incident Response Team-Finance Sector (CSIRT-Fin) operations under its umbrella to respond to, contain and mitigate cyber security incidents reported in the financial sector.
"Government's Cybercrime Countermeasures"
1. The government has established Indian Cyber Crime Coordination Centre (I4C) to provide with an ecosystem to deal with cybercrime.
2. They have set up seven I4C as of now, in Mewat, Jamtara, Ahmedabad, Hyderabad, Chandigarh, Vishakhapatnam and Guwahati as of now, to deal with the jurisdictional complexities based on the cybercrime hotspots/ areas.
3. The government has launched an online portal National Cyber Crime Reporting Portal (www.cybercrime.gov.in) and a toll-free number 1930 to report all types of cybercrimes.
4. In order to stop financial criminals from siphoning off funds, the Citizen Financial Cyber Fraud Reporting and Management System module has also been launched.
5. In order to raise awareness about the responsible use of digital technology, CERT-In has released 70 warnings for businesses and people.Through its official social media accounts and websites, CERT-In frequently shares security advice on online safety and security. By sharing security advice via posters and films on social media platforms and websites, CERT-In sponsored numerous events and activities for residents during Cyber Security Awareness Month in October 2021 and Safe Internet Day on February 8 of 2022, etc.
6. The government has provided Chief Information Security Officers (CISOs) with recommendations regarding their primary duties and responsibilities for securing infrastructure, applications, and compliance.
CERT-In has empanelled 97 security auditing organisations to support and audit implementation of Information Security Best Practices.
8. Government has published tips for users to prevent “phishing” attacks along with, auditing all its websites with respect to the cyber security prior to their hosting
9. CERT-In has formulated a Cyber Crisis Management Plan, to operates the Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre) and National Cyber Coordination Centre (NCCC) to generate necessary situational awareness of existing and potential cyber security threats. The phase-I of NCCC is even operational, whereinCyber security mock drills are conducted regularly to enable assessment of cyber security posture and preparedness of organisations in Government and critical sectors (There are 67 such mock drills as of now).
10. Network and system administrators, as well as Chief Information Security Officers (CISOs), of government and critical sector enterprises, are regularly trained by CERT-In on securing IT infrastructure and mitigating cyberattacks.
In today's digital age, cybercrime has emerged as a serious problem. Due to a lack of understanding, a weak cybersecurity infrastructure, complex legal issues, and quickly changing cyber tactics, India, like many other nations, is facing difficulty in combatting cyber threats. The Indian government has, nevertheless, made significant efforts to address these restrictions and move forward from the outdated conventional methodology. The National Cyber Crime Reporting Portal, the Indian Cyber Crime Coordination Centre (I4C), and the proactive activities of CERT-In have all been significant in increasing awareness, improving preparedness, and giving a platform to effectively combat cybercrime. The way forward to tackle the problem in the digital ecosystem can be settled by working towards areas such as Cyber Security Awareness Campaign, Cyber Insurance, Data Protection Law, Collaborative Trigger Mechanism and so on.