On February 12, 2013, US President Obama passed two executive orders for setting up cybersecurity standards for various industries. These executive orders exemplify the intent shown in the United States to fight cyber crime and the administration's immediate concern that, without executive orders, it is next to impossible to encourage a coordinated response against cyber crime – which seems to be the only way to control the growing global menace.
Unfortunately, Indian authorities – despite passing some cleverly drafted internet laws – either have no idea how to tackle cyber crime or have no intention of generating a coordinated response. And that is an extremely fearful situation. One doesn't wish to sound like a doomsday soothsayer, but what if one fine day you woke up to find the nation's banking system crippled because one smart alec in Nigeria broke into our interconnected banking systems and transferred all the money to untraceable accounts?
It's a no-brainer that the Internet is one of the key pillars on which future economies will grow. There have been several reports that underscore how the Internet offers a much-needed boost to a nation’s productivity levels. In the context of India, the Internet’s contribution to the nation’s GDP is set to grow exponentially from $30 billion in 2011 to a whopping $100 billion in 2015, according to a McKinsey report. Private and public companies in the country are swiftly integrating Internet-based services into their business models. The aim is to take advantage of new-age offerings in order to cut down on ever-increasing costs.
Global consulting firms predict that India will overtake the United States by 2015 to become the second-biggest Internet user in the world after China. Naturally, the corporate world and the Indian government are going gaga over the prospects and how it would help lift all boats. For its part, the Indian government has already announced plans of up to Rs.200 billion for broadband expansion across the country, where more than 10% of the population (150 million to be precise) is on the web now.
But as always, there is a flip side to the coin as well. As businesses and societies in general increasingly rely on computers and Internet-based networking, cyber crime and digital attacks have increased around the world. These attacks include financial scams, computer hacking, downloading pornographic images from the Internet, virus attacks, e-mail stalking and creating websites that promote racial hatred. According to the Norton Cyber Crime Report of 2012, 1.5 million people are impacted every day across the world – close to 18 people per second – falling prey to cyber crime, including attacks, malware and phishing. Globally, the financial loss as a result of cyber crimes was to the tune of $110 billion in 2011.
More than 42 million people in India were victimized by cyber criminals last year, with approximately $8 billion in direct financial losses, the report said. According to the report, 66% of adults in India have been victims of cyber crime in their lifetime. In 2011, 56% of adults online in India experienced cyber crime, translating to more than 115,000 victims of cyber crime every day or 80 victims a minute and more than one a second. One in three adults online (32%) has been a victim of either social or mobile cyber crime in the last 12 months, and 51% of social network users have been victims of social cyber crime. Specifically, 22% of social network users reported having been victims of identity theft.
Even government websites were not spared. There have been incidents of defacement of the websites of top government agencies like CBI (December 2010), Bharat Sanchar Nigam Limited (December 2012), Oil and Natural Gas Commission (November 2008) and other ministries and departments (which aggregated 294 till October 2012). Indian websites catering to diversified industries have been defaced at regular intervals. While 9,180 websites were hacked in 2009, the figure shot up by 57% to 14,392 cases during the first 10 months in 2012.
Clearly, the growth in cyber crime has started assuming disconcerting proportions. But surprisingly, the Indian Penal Code has not found a way to define “Cyber Crime” precisely. It’s only after the latest amendments to the I.T. Act, passed in 2008, that a large number of cyber crimes have been brought under the ambit of the law. Currently, there are stringent provisions related to cyber security under sections 66C, 66D and 67(1), under which any conspiracy for cyber terrorism is punishable, and the sentence may extend to life imprisonment.
However, laws alone cannot curb cyber crime, which is often conducted in jurisdictions where timely extradition, trial and punishment in a cost-effective manner are difficult and, hence, ineffective as a deterrent. To its credit, the Indian government has of late started taking steps to build up awareness and preparedness to take on the challenge of fighting cyber crime. In July 2010, the government proposed establishing a unit of specialized hackers to counterattack international hacking activities. In January 2011, the proposal was formally announced, under which the government aims to train five lakh cyber crime warriors under a public-private partnership with an estimated cost of Rs.1 billion. It has also been pushing for summary arrests of cyber criminals with the help of cyber crime police stations. In 2011, the National Crimes Record Bureau registered 1,184 arrests for cyber crime under the IT Act, a hike of 67% from 799 arrests in 2010 (a mind-boggling 768% up from 154 cases half a decade back).
But the big question remains: will these steps suffice to check the rising menace of cyber crime? According to McAfee’s report for the third quarter of 2012, the volume of spam in India’s Internet territory touched the 40-million mark. Though the figures have been slashed by 60% y-o-y (100 million in September ’11), there still remain areas that need to be looked into at the earliest. Also, cyber attacks are becoming more sophisticated and harder to detect.
Today’s sophisticated threats require a layered approach to security, encompassing security, disaster recovery and information management to protect information irrespective of where it resides. To address these concerns, the government, private sector and civil society need to come together and work in tandem to adopt an integrated, adaptive and collaborative security approach. The government needs to ensure that an updated legislative framework is in place, while the private sector should lend its expertise to government agencies for putting basic defences in place, as many government agencies don’t even have the resources required to take on cyber crime. The private sector can come forward to provide technology such as data encryption, data loss prevention, protective monitoring, vulnerability management and a range of managed and cloud-based services to government agencies for better protection against cyber crime.
Taking Obama's cue, perhaps it is time to enforce a coordinated public-private response against cyber crime through legislation. Better late than never...