Institutional measures and initiatives
Information Technology Act, 2000
The Information Technology Act, 2000 intends to give legal recognition to ecommerce and egovernance and facilitate its development as an alternate to paper based traditional methods. The Act has adopted a functional equivalents approach in which paper based requirements such as documents, records and signatures are replaced with their electronic counterparts. The Act seeks to protect this advancement in technology by defining crimes, prescribing punishments, laying down procedures for investigation and forming regulatory authorities. Many electronic crimes have been bought within the definition of traditional crimes too by means of amendment to the Indian Penal Code, 1860. The Evidence Act, 1872 and the Banker’s Book Evidence Act, 1891 too have been suitably amended in order to facilitate collection of evidence in fighting electronic crimes.
The IT act has been amended in 2008.
National Cyber Security Policy 2013:
To build a secure and resilient cyberspace for citizens, businesses and Government
To protect information and information infrastructure in cyberspace, build capabilities to prevent and respond to cyber threats, reduce vulnerabilities and minimize damage from cyber incidents through a combination of institutional structures, people, processes, technology and cooperation.
1) To create a secure cyber ecosystem in the country, generate adequate trust & confidence in IT systems and transactions in cyberspace and thereby enhance adoption of IT in all sectors of the economy.
2) To create an assurance framework for design of security policies and for promotion and enabling actions for compliance to global security standards and best practices by way of conformity assessment (product, process, technology & people).
3) To strengthen the Regulatory framework for ensuring a Secure Cyberspace ecosystem.
4) To enhance and create National and Sectoral level 24 x 7 mechanisms for obtaining strategic information regarding threats to ICT infrastructure, creating scenarios for response, resolution and crisis management through effective predictive, preventive, protective, response and recovery actions.
5) To enhance the protection and resilience of Nation’s critical information infrastructure by operating a 24x7 National Critical Information Infrastructure Protection Centre (NCIIPC) and mandating security practices related to the design, acquisition, development, use and operation of information resources.
6) To develop suitable indigenous security technologies through frontier technology research, solution oriented research, proof of concept, pilot development, transition, diffusion and commercialisation leading to widespread deployment of secure ICT products / processes in general and specifically for addressing National Security requirements.
7) To improve visibility of the integrity of ICT products and services by establishing infrastructure for testing & validation of security of such products.
8) To create a workforce of 500,000 professionals skilled in cyber security in the next 5 years through capacity building, skill development and training.
9) To provide fiscal benefits to businesses for adoption of standard security practices and processes.
10) To enable protection of information while in process, handling, storage & transit so as to safeguard privacy of citizen's data and for reducing economic losses due to cybercrime or data theft.
11) To enable effective prevention, investigation and prosecution of cyber-crime and enhancement of law enforcement capabilities through appropriate legislative intervention.
12) To create a culture of cyber security and privacy enabling responsible user behaviour & actions through an effective communication and promotion strategy.
13) To develop effective public private partnerships and collaborative engagements through technical and operational cooperation and contribution for enhancing the security of cyberspace.
14) To enhance global cooperation by promoting shared understanding and leveraging relationships for furthering the cause of security of cyberspace.
A. Creating a secure cyber ecosystem
B. Creating an assurance framework
C. Encouraging Open Standards
D. Strengthening the Regulatory framework
E. Creating mechanisms for security threat early warning, vulnerability management and response to security threats
F. Securing E-Governance services
G. Protection and resilience of Critical Information Infrastructure
H. Promotion of Research & Development in cyber security
I. Reducing supply chain risks
J. Human Resource Development
K. Creating Cyber Security Awareness
L. Developing effective Public Private Partnerships
M. Information sharing and cooperation
N. Prioritized approach for implementation
V. Operationalisation of the Policy
Cyber Appellate Tribunal (CyAT):
Cyber Appellate Tribunal has been established under the Information Technology Act, 2000 under the aegis of Controller of Certifying Authorities (C.C.A.).
- As per the IT Act, any person aggrieved by an order made by the Controller of Certifying Authorities, or by an adjudicating officer under this Act may prefer an appeal before the Cyber Appellate Tribunal.
- This Tribunal is headed by a Chairperson who is appointed by the Central Government by notification as provided under Section 49 of the IT Act 2000.The bodyis quasijudicialin nature.
- It was conceived to adjudicate cybercrimes and disputes such as
- sending of offensive or false messages,
- receiving stolen computer resource,
- identity theft,
- cheating by personation,
- violation of privacy,
- domain name disputes and
- Other cyber fraud cases.
Significance of this move:
With growing number of internet users and government move to push for digital payments, it is extremely important to have an efficient cyber dispute settlement mechanism. This move is aimed at making the dispute settlement mechanism more efficient.
Seeking to cut red tape, an inter-ministerial group of secretaries had “unanimously” agreed to reduce the number of tribunals from 36 to 18 as the government feels that most of these bodies are performing “identical functions”.
- A Constitutional bench of the Supreme Court had some years ago suggested bringing tribunals under administrative control of the Law Ministry.
- The Department of Legal Affairs had also recently written to all Union ministries and departments to furnish details of tribunals functioning under their administrative control and explain the “possibility of merging the functions of tribunals with some other tribunals”.
- There are 36 tribunals functioning in the country dealing with subjects such as income tax, electricity, consumer protection, company laws and railway accidents.
National Cyber Response Centre – Indian Computer Emergency Response Team (CERT-In):
CERT-In (the Indian Computer Emergency Response Team) is a government-mandated information technology (IT) security organization. CERT-In was created by the Indian Department of Information Technology in 2004 and operates under the auspices of that department.
CERTIn monitors Indian cyberspace and coordinates alerts and warning of imminent attacks and detection of malicious attacks among public and private cyber users and organizations in the country. It maintains 24×7 operations centre and has working relations/collaborations and contacts with CERTs, all over the world; and Sectoral CERTs, public, private, academia, Internet Service Providers and vendors of Information Technology products in the country.
- The purpose of CERT-In is to respond to computer security incidents, report on vulnerabilities and promote effective IT security practices throughout the country.
- According to the provisions of the Information Technology Amendment Act 2008, CERT-In is responsible for overseeing administration of the Act.
United Nations (UN)
The International Telecommunication Union (ITU) is the specialized agency of the United Nations which isresponsible for Information and Communication Technologies. ITU deals also with adopting international standards to ensure seamless global communications and interoperability for next generation networks; building confidence and security in the use of ICTs; emergency communications to develop early warning systems and to provide access to communications during and after disasters, etc.
Internet Governance Forum (IGF)
The IGF was established by the World Summit on the Information Society in 2006 to bring people together from various stakeholder groups in discussions on public policy issues relating to the Internet. While there is no negotiated outcome, the IGF informs and inspires those with policy making power in both the public and private sectors.
The IGF facilitates a common understanding of how to maximise Internet opportunities and address risks and challenges. It is convened under the auspices of the Secretary General of the United Nations.
Its mandate includes the discussion of public policy issues related to key elements of Internet governance in order to foster the sustainability, robustness, security, stability and development of the Internet.
Council of Europe
The Council of Europe helps protect societies worldwide from the threat of cybercrime through the Budapest Convention on Cybercrime, the Cybercrime Convention Committee (TCY) and the technical cooperation Programme on Cybercrime. The Budapest Convention on Cybercrime was adopted on 8 November 2001 as the first international treaty addressing crimes committed using or against network and information systems (computers). It entered into force on 1 July 2004.