Sunday, May 3, 2009

Cyber Terrorism In India

Cyber Terrorism in India is in limelight but for the wrong reasons. It seems the media and law enforcement in India are too much fascinated with the term “Cyber Terrorism” that they have not even done their homework properly. Recently, the anti-terrorism squad (ATS), investigating the “terror email” has decided not to book the accused for cyber terrorism as there was no intention to carry out any act of terror. Further, the news report also claims that according to an amendment in the Information Technology Act, which came into force in February this year, anyone indulging in cyber terrorism could be sentenced to life imprisonment. Prior to this, even the sending of threat emails was considered “hacking”.

Let us first analyse the stand of ATS. It seems the ATS has become the all powerful authority of India and it has the power to make the laws, make them operational, execute them and interpret them as per their choice. This is so because they have thought to invoke a provision that does not exist at all in India. The Information Technology Act 2000 (IT Act 2000) is absolutely silent on the aspect of “Cyber Terrorism” and the proposed Information Technology Amendment Act 2008 (Amendments 2008) is still inapplicable in the absence of a “Notification” by the Central Government. Till now there has been no notification by the Central Government in this regard. So from which law the ATS could have charged the accused with Cyber Terrorism is still a great mystery.

Similarly, the reporter of this news item has no hint whatsoever that the proposed Amendments 2008 have not yet come into force. So there is no question of applying its provisions to this case. Strangely enough, I cannot find any incidence where sending offensive e-mail is considered to be a case of “hacking” in India either as per the IT Act 2000 or even by the Amendments 2008.

Of course, if the Amendments 2008 have been notified at the time of writing of the reported news then this story makes lot of sense. The fault lies with the Government of India that failed to make clear the status of the amendments.

It seems there is a lack of “cyber law awareness” in India. The law enforcement and media must be responsible in their dealings and claims regarding cyber law and other techno-legal issues. They must acquire some good knowledge about cyber law of India so that not only cyber crimes may be dealt with properly but also there is a culture of “responsible journalism” in India.

Updates of 2009, 2010 and 2011

Also see this following updates in this regard:

(1) Cyber Terrorism is a National Security Hazard

(2) Cyber Terrorism against India

(3) Cyber Terrorism in India and its Preparedness

(4) India is facing serious Cyber Threats

(5) Cyber Security Policy of India

(6) National Security Policy of India is required

(7) Indian Crisis Management Plan for Cyber attacks and Cyber Terrorism

(8) Securing Critical National Infrastructure from Cyber Attacks

(9) Critical Infrastructure protection in India

Wireless Insecurity In India

The wireless networks are increasingly used in India. On the one hand we have the convenience of using wireless networks whereas on the other hand they are prone to hacking and other cyber crimes making them the premier crime perpetuation platform. The Information Technology Act, 2000 (IT Act, 2000) is the exclusive cyber law of India and it is silent on this aspect. We are also witnessing an increased use of insecure wireless networks for sending mails either before or after the terrorist attacks in India.

The problem of wireless hacking is repeatedly brought to the public notice but still most of the wireless connections are insecure in India. The terrorists have targeted the wireless networks of Mumbai State and most of the terrorist mails are coming from such hacked wireless systems. We must secure our wireless networks on the one hand and adopt sound and stringent Crisis Management Strategies against terrorism in India on the other hand. All these problems have failed the Indian e-governance initiatives.

Even if the Government of India (GOI) is able to remove all the vices hindering the Indian e-governance initiatives, a bigger problem is waiting for India. India is notoriously infamous for weak cyber law, inadequate cyber security and absent cyber forensics capabilities. The moment we provide Internet access to crores of Indian, a major “Cyber Security Fiasco” would engulf India. India is not at all prepared on the front of securing its e-governance base.

India needs good legal framework for technology, sound cyber security and effective cyber forensics expertise. The fill in gaps actions would only ridicule India in front of the entire world. It would be better if India come up with good ICT strategies and policies that are not only sensible but also possible to be implemented.