Friday, November 30, 2012

Indian Crisis Management Plan For Cyber Attacks And Cyber Terrorism

Crisis management plan of India is one of the most important policy requirements. This is so because the threats of cyber attacks, cyber espionage and cyber terrorism are looming large at India. India needs to understand the seriousness of cyber attacks upon its critical infrastructures and cyberspace. To start with, India must formulate a crisis management plan to tackle cyber attacks, cyber terrorism and cyber espionage attempts.

Crisis management plan (CMP) is a measure of readiness to meet uncertainties and future risks and accidents. If we have a good crisis management plan at place, we can minimise the damage and harm to maximum possible extent.

CMP pertaining to information and communication technology (ICT) is an essential part of national ICT policy of India. The other parts of national ICT policy of India are cyber security policy of India, critical infrastructure protection policy of India, critical national infrastructure protection policy of India from cyber attacks, national security policy of India, etc.

Similarly, we must also formulate a cyber security policy for India. With more and more networks and computers are now connected with public utilities and essential public services, cyber security assumes great significance these days. India is also looking forward for mandatory electronic delivery of services. This would increase the risks of cyber attacks upon crucial public delivery systems of India.

The government of India has issues certain guidelines to safeguard Indian cyberspace. According to these guidelines no sensitive information is to be stored on the systems that are connected to Internet. The Government has also claimed to have formulated Crisis Management Plan for countering cyber attacks and cyber terrorism for implementation by all Ministries/ Departments of Central Government, State Governments and their organizations and critical sectors.

The organisations operating critical information infrastructure have been advised to implement information security management practices based on International Standard ISO 27001. Ministries and Departments have been further advised to carry out their IT systems audit regularly to ensure robustness of their systems. Ministry of External Affairs has also issued a comprehensive set of IT security instructions for all users of MEA and periodically updates them on vulnerabilities.

Although the steps taken by Indian government are praiseworthy, they are not sufficient to ward off the sophisticated cyber attacks. The practical implementation of the crisis management plan of India is still missing. With a beginning already taken place, it needs a political will to give it a final shape and help it to reach its final destination.

Source: Cjnews India.

Unconstitutional And Illegal Biometrics Collection Laws And Practices In India

India is passing through one of the “Most Dangerous Periods” for Civil Liberties and Human Rights Protections. No time in the past Indian Citizens were so “Vulnerable” to Human Rights Violations and blatant violation of their Fundamental Rights.

The Constitution of India has conferred many Fundamental Rights upon Indian Citizens and Persons. However, Indian Government is acting in clear “Derogation” of these Fundamental Rights and Human Rights.

Article 21 of Indian Constitution confers Privacy Rights in India to all. Similarly, Article 21 also confers Right to Life and Liberty to all that cannot be taken away except by “Due Process of Law”. Articles 14, 19 and 21 collectively protect against “Arbitrary and Unconstitutional State Actions”.

Despite all these “Protections and Rights” we have Authorities like Unique Identification Authority of India (UIDAI) that is not governed by any Law whatsoever. Similarly, we have provisions pertaining to National Population Register (NPR) of India that are clearly “Unconstitutional”.

We have no dedicated Data Protection Laws in India, Data Security Laws in India, Cyber Security Laws in India, etc. Even the Cyber Law of India, incorporated in the Information Technology Act, 2000 (IT Act 2000), is an “Endemic E-Surveillance Enabling Law” that requires urgent “Repeal”.
Cyber Security in India is also in bad shape and even the Supreme Court of India has chided Indian Government to boost up its Cyber Security to protect National Security of India. National Security and Right to Information in India are on “Crossroads” where the “National Security Card” is very frequently played by Indian Government to deny “Legitimate and Eligible Information” to Indian Citizens.

In all this “Political and Legislative Mess” we have a “Bonus” for Indian Government as well. The Parliamentary Oversight of Intelligence Agencies of India is missing and they are “Not Accountable” to any “Legislative and Parliamentary Scrutiny”.  Intelligence related Projects like National Intelligence Grid (NATGRID), Central Monitoring System (CMS) of India, proposed National Counter Terrorism Centre (NCTC) of India, etc have no Parliamentary Approval and Oversight.  

There is no second opinion that collection of “Highly Sensitive Biometric Details” by any Governmental Agency or Authority in such circumstances is not only “Unconstitutional” but is also “Highly Risky” for Life and Liberty of Indian Citizens/Persons. In fact, collection of Biometric Details by UIDAI and NPR are clearly “Unconstitutional and Illegal” and Indian Citizens and Residents can “Refuse” to provide the same no matter what these Authorities and Laws say.

Human Rights Protection in India is at its nadir. Similarly, Civil Liberties Protection in Indian Cyberspace is in doldrums. If we keep on succumbing to the “Pressure Tactics” of Indian Government, the day would be not far when Indian Government would have complete control over our “Body and Soul”.