India-Building an New Ecosystem_Vinayak v4

Please download to get full document.

View again

of 8
All materials on our website are shared by users. If you have any questions about copyright issues, please report us to resolve them. We are always happy to assist you.


Document Related
Document Description
BUILDING AN ECOSSYSTEM FOR CYBER SECURITY AND DATA PROTECTION IN INDIA Vinayak Godse Senior Manager- Security Practices, Data Security Council of India, Niryat Bhawan, 3rd Floor, Rao Tula Ram Marg, New Delhi – 110057, India Abstract: Governments across the globe are gearing up through policy enactments and necessary investments to fight the menace of rising cyber crimes. These policies and investments also assure citizens of their privacy rights in the c
Document Share
Document Tags
Document Transcript
  BUILDING AN ECOSSYSTEM FOR CYBER SECURITY AND DATA PROTECTION IN INDIA Vinayak Godse Senior Manager- Security Practices, Data Security Council of India,  Niryat Bhawan, 3rd Floor, Rao Tula Ram Marg, New Delhi  –   110057, India Abstract: Governments across the globe are gearing up through policy enactments and necessary investments to fight the menace of rising cyber crimes. These policies and investments also assure citizens of their privacy rights in the cyber space. India, with its high growth rate, is rapidly integrating itself with Internet Economy, where transactions are predominantly carried out electronically. While Internet offers a new means for expanding economic and  business avenues, it offers ease of operations and promises outreach. It is, however, subject to ever increasing dangers of cyber crimes and escalating misuse of personal information being collected by businesses. Individuals need legal protection to protect their personal rights and secure their transaction in cyber space. Institutes, industry and government need assurance that sufficient steps have been taken to secure the flourishing growth of economy. This requires setting up of an ecosystem that is capable of understanding new age complexities and offering swift response mechanism. The ecosystem for cyber security and data protection necessitates a strong legal framework, proactive government initiatives, active involvement of, and contribution by the industry and effective law enforcement mechanism. This paper discusses how India is responding to cyber security and data protection challenges, and how a new ecosystem is underway in recent years. Key Words: Cyber Security, Data Protection, IT (Amendment) Act, 2008 1 Introduction Internet brought fundamental changes in the way society interacts, government offer services, organizations expand business and individuals transact. While Internet  brings immense benefits, saves cost, and brings unparallel efficiency, it, in fact, by its nature, exposes organized entities (institutions and organizations or individuals to over expanding threats of cyber space. These cyber threats have been augmenting their capability to damage national interests, jeopardize industry functions and seriously harm individual or end users. This led to positioning cyber security as an important element of National Security. This is increasingly reflecting in the state  2 Vinayak Godse  policies and regulatory initiatives that are aimed at protection of public, private and individual property. The protection provides a necessary impetus for expansion of Internet Economy and attracts an increased trust of the end user. Increased thrust of Government on Information Technology in offering public services to its citizens, and exploitation of new technology enabled channels by the industry provides end users very effective and effortless options to avail the services and perform their financial transactions. However, they have to negotiate with the Government and Industry by sharing their personal information. Personal information, shared to avail a specific service or perform a specific transaction, attracts immense value. Private bodies are likely to use this information for their commercial benefits; Government tends to use this information in the name of national security. Ability and scale of technology to gather, process, use, and share information gradually invite concerns of end users about their personal information being mishandled, and probably used against them. The concept of privacy is undergoing a change. Government of India, its citizens and Industry are going through this dynamism since the last decade. In a tryst of balancing benefits of Technology against its inherent risks, protecting national infrastructure from increasing cyber threats, securing growth of economy, protecting the interest of industry, and providing comfort to citizens about their personal rights in cyberspace, Government of India with the help of Industry is trying to evolve a new ecosystem for cyber security and data protection. Indian Economy is being transcended with increasing dependence on Information Technology. It is interesting to take a review of different initiatives undertaken by government towards building an ecosystem that promises security and in cyberspace guarantees privacy rights of an individual, and how the Industry is contributing to this ecosystem. 2 Indian Economy becoming E-economy The story of India‘s growth continues even in the backdrop of global recession. In recent years, it has witnessed increasing thrust in the use of Information Technology. Government of India is investing more than $ 10 billion dollars on e-governance through many mission mode projects that would transform its functioning into Government @ 24x7. Indian government seen as a big consumer of Information Technology, is not only using IT for creating new age channels for public services,  but is also using IT for managing critical infrastructure of the country. Industry, on the other hand, is extensively using technology for expanding its business outreach. E-Commerce in India is growing by 30 % a year, with travel, downloads and e-tailing  being preferred e-commerce services. Although the Internet penetration in India is low in comparison to global peers at about 7.1 %, Forrester, a market research company, estimates the number of Internet users in India currently to be 52 million and expects it to increase at an average growth rate of 10-20 %. Forrester estimates that by 2013, India will be the third largest user of Internet. Indian banking industry has been observing that Internet is overwhelming other channels to execute banking  BUILDING AN ECOSSYSTEM FOR CYBER SECURITY AND DATA PROTECTION  IN INDIA 3 transactions. Retail e-payment 1  is growing fast at the rate of 70% a year and will reach $ 180 billion by 2010. E-transactions currently account for 30% of total transactions. However, 75% of total payment value is found in the electronic form. Card circulation 2    —  credit and debit  —   will hit 210 million by 2010. The mobile subscriber base is expanding at an even greater space. According to TRAI, by August 2009, the total wireless subscriber base has crossed the figure of 456 million 3  and is expected to cross 1 billion by 2014. With larger base of mobile consumers, and ease of transactions that these channel offers, m-commerce is expected to pick up in India within a short span of time. Indian IT and IT Services industry is growing multifold, offering not only cost reduction or scalability, but also quality. According to Mckinsey-NASSCOM study, outsourcing industry will reach between $ 225 billion to $ 350 billion by 2020 from the current $50 billion. Indian society is gradually transforming from joint family to nuclear family structure, climbing the individualism ladder fast. The emerging segment of  population, in the age bracket of 25 to35 years, is increasingly using the Internet to avail of services  —   both public and private. They have been developing their understanding about the use of technology as well as the risks of cyber space. Moreover, the media is becoming active in covering national and international data  breaches. Increased exposure of IT and ITES industry to the global data protection regulations also makes Indians aware of privacy perceptions in nation states. 3 An Ecosystem for Cyber Security and Data Protection While discussing an eco-system for cyber security for data protection five important aspects need to be evaluated. These are as follows: (1)   Legal Framework: Does the country have an adequate legal model for security and privacy? Does the current legislative eco-system understand new age complexities? Whether special legislation is enacted to deal with specific challenges imposed by for Information Technology? (2)   Government Initiatives: Is the government pro-active enough in policy enablement? Does it invest enough to address increasing challenges? How does it partner and collaborate with industry, academia and other stakeholders? (3)   Special Projects- What projects have been under taken at the national level that affects cyber space and privacy? How will these projects benefit the cause? (4)   Industry Initiatives- How are the industries participating and collaborating in the eco-system? Is there any specially purpose mechanism established that  provides a suitable platform to the industry? 1  Payments in India is going e-way, Celnet report 2  Payments in India is going e-way, Celnet report  4 Vinayak Godse (5)   Law enforcement- Is law enforcement in the country effective enough to handle the new age crimes? What initiatives have been taken for improving law enforcement? 3.1 Legal Framework for Cyber Security and Data Protection Recent enactment of IT (Amendment) Act, 2008, brings India to the league of countries that have a legal regime for cyber security and privacy. Indian Constitution, through Article 21, guarantees its citizen right of privacy. Indian courts of law have upheld the right in many of the cases. In various judgments, Supreme Court of India upheld individual rights about privacy and fixed liability of offenders, and recognized constitutional right to privacy against unlawful government invasions. Moreover, cyber security and data protection measures are supported by various enactments, namely, (i) The Indian Telegraph Act, 1885, (ii) The Indian Contract Act, 1872, (iii) The Specific Relief Act, 1963, (iv) The Public Financial Institutions Act, 1983, (v) The Consumer Protection Act, 1986 and (vi) The Credit Information Companies (Regulations) Act, 2005. The IT (Amendment) Act, 2008 provides a comprehensive definition of the computer system, and tries to ascertain clarity in the definition of cyber crimes. It introduces the concept of ―sensitive personal information‖, and  fix liability of the ‗body corporate‘ to protect the same. On the other hand, it helps to take legal action an individual for the breach of confidentiality and privacy, under lawful contract. The data protection regime in India emerges with these provisions. These changes may help gain confidence of global clients who are sending their data as a part of outsourcing to Indian IT/BPO companies. The amended Act also enables setting up of a nodal agency for critical infrastructure protection body, and strengthens the role of CERT-In. This Act now enables central government to define encryption policy for strengthening security of electronic communications. Until now, a uniform national policy for encryption was absent. This will help growth of e-governance and e-commerce. Cyber Appellate Tribunal, which is now operational, is expected to accelerate legal proceeding of cyber crime cases.  IT (Amendment) Act, 2008: Avoiding duplication of legislation- This Act includes  provisions for digital signatures, e-governance, e-commerce, data protection, cyber offences, critical information infrastructure, interception, cyber terrorism in an omnibus, comprehensive legislation. It has been observed that in western countries the legal regime that governs Information Technology is complex and redundant. In United Sates for example, there are 45 Federal enactments and about 598 State enactments that can be attributed to security and privacy.  Reasonable Security Practices for Data Protection- IT (Amendment) Act, 2008, adopt a route of ‗reasonable security practices‘ for protection of ‗sensitive personal information‘. The Act refrained from creating an infrastructure in terms of privacy commissioner‘s  office as prevailed in European countries. This might have led to the formation of a rigid bureaucratic mechanism impeding routine business functions. Instead, it tries to address data protection concerns of its citizen by fixing the liability of the organization that is not able implement the practices to an extent of unlimited
Search Related
We Need Your Support
Thank you for visiting our website and your interest in our free products and services. We are nonprofit website to share and download documents. To the running of this website, we need your help to support us.

Thanks to everyone for your continued support.

No, Thanks

We need your sign to support Project to invent "SMART AND CONTROLLABLE REFLECTIVE BALLOONS" to cover the Sun and Save Our Earth.

More details...

Sign Now!

We are very appreciated for your Prompt Action!