What all the digitisation has also brought in its wake is increased risks of cyber crime and the urgent need for cyber security. In this context, the lack of technological savvy amongst ordinary citizens is a worrying factor and it is this situation which is exploited by the unscrupulous elements, writes Najib Shah, a former bureaucrat and ex. Chairman, Central Board of Indirect Taxes & Customs.
The Prime Minister in his address to the nation on the 77th Independence Day spoke among other things about digitally empowered India. The Digital India programme launched in 2015 is an unqualified success. Digital services, digital access, digital inclusion, digital empowerment have resulted in substantially bridging the digital divide. The success of public digital platforms like Aadhaar, UPI, Digi locker, UMANG have been phenomenal.
The Union Home Minister while addressing the inaugural session of the G-20 Conference on Crime & Security on the theme of ‘NFTs, AI and the Metaverse’, highlighted the need for cooperation to build cyber-resilience in an increasingly connected world. He pointed out that 840 million Indians have an online presence, that internet connections have increased 250 percent in the last 9 years, that the cost of per GB of data has reduced by 96 percent. He also stated that India leads in global digital payments with 90 million transactions in 2022, that 46 percent of the global digital payments are done in India.
What all the digitisation has also brought in its wake is increased risks of cybercrime and the urgent need for cybersecurity. The Home Minister spoke of ransomware attacks, sale of critical data, online harassment, child abuse, fake news —all these are instances of the bad world of cyber crime. And we should never forget that cyber crime has huge national security implications.
It is in this background that one should view the report of the Jayant Sinha headed Standing Committee on Finance on ‘Cyber Security and rising incidence of Cyber/White Collar Crimes’ submitted on July 27, 2023. The major observations and recommendations cover the whole gamut —from highlighting the problems to suggesting possible solutions.
The Committee has noted that third-party service providers are not being sufficiently controlled. It suggested that regulatory powers should be enhanced to ensure oversight. Similarly, the Committee has pointed out that critical payment systems are not regulated currently. They suggested that regular security assessments would be required.
The Committee suggested a comprehensive legal framework establishing a protocol of policy, risk assessments, framing rules and bringing a new cyber security legislation. It may be recalled that cyber crimes being a new class of crimes, the Information Technology (IT) Act 2000 was enacted with the objective of creating a conducive environment for commercial use of Information Technology.
The IT Act specifies the types of activity which are punishable —tampering with computer source documents, hacking of computer systems, publishing obscene information, unauthorised access to protected systems, breach of confidentiality among others. It may be noted that cyber crimes are also punishable under the provisions of the Indian Penal Code. Thus, sending threatening messages, defamatory messages, email spoofing or abuse creating bogus websites attract the provisions of the IPC.
The Committee recommended the creation of a Cyber Protection Authority as a central authority with the mandate of developing robust cyber security policies and guidelines. The Committee noted the lackadaisical way that smaller financial institutions approach the issue; higher number of cyber security breaches take place in such institutions.
The Committee emphasised the need for search engines and big tech companies to share data and information on all applications and also the creation of a Central Negative Registry which could consolidate information on fraudsters accounts that could be shared with financial institutions. The Committee recommended that financial institutions be made responsible to compensate customers in cases of frauds. It was also observed that IT Act had inadequate powers and that most of the offences are bailable in nature and thus there was a need for stricter penal provisions.
It is not clear as to how many of these recommendations would be accepted by government. It is also not very clear whether the solution to the problem of cybercrime lies in the creation of yet another regulatory body. The laws as they stand today are powerful —where the investigations are done with a sense of purpose and urgency, we have had convictions too. (The Sony Sambandh case of 2013).
But the Standing Committee having examined this troubling problem, which is only going to increase, is a step in the right direction. As per the last data as per newspaper reports (quoting the National Crime Records Bureau (NCRB)) more than 50,000 cases were registered in 2022 —a rise of nearly 12 percent over the previous year. India has seen one of the biggest attacks recently when the All-India Institute of Medical Sciences (AIIMS) was targeted in a ransomware attack.
In fact, healthcare worldwide is among the most targeted industries. Access to confidential medical information makes individuals easy prey. Norton LifeLock, a cybersecurity software company claims that more than 27 million Indian adults have been victims of identity theft, and that most are not aware as to how to defend themselves against cybercrime.
The lack of technological savvy amongst ordinary citizens is a worrying factor —a situation which is exploited by unscrupulous elements. The ordinary citizen knows enough technology to use digital products, but not enough technology to defend himself against cyber-attacks. MHA has launched a National Cyber Crime Reporting Portal to create a centralised system to report all sorts of cyber crimes.
The home page of the site has links under the head of ‘Resources’ on cyber safety tips and cyber awareness-links which could empower the ordinary citizen. Unfortunately, neither of these links (when accessed on 15.08. ’23), appear to be currently operational; the authority concerned would do well to ensure this is operationalised, updated, and always maintained.
The government is said to have created an online course called ‘CyTrain’ portal which is said to be the world’s largest training programme in the field of cyber security. Such training is required both for ordinary citizens as also for enforcement officials. The Indian Computer Emergency Response Team (CERT-in) under the Ministry of Electronics & Information Technology (MeitY) tasked with preventing attacks against the country’s cyber space also has a critical role to play.
—The author, Najib Shah, is former Chairman, Central Board of Indirect Taxes & Customs. The views expressed are personal.
(Edited by : C H Unnikrishnan)
First Published: Aug 17, 2023 8:13 AM IST