0% found this document useful (0 votes)
26 views26 pages

13 Chapter 5

This document discusses the international and national legal frameworks related to cyber security. It describes several international organizations that are working to harmonize cybersecurity legislation between countries, such as the International Telecommunication Union, Interpol, and United Nations. The document focuses on the United Nations' role, noting that it has been actively discussing cybersecurity issues for over two decades through various committees and resolutions. The UN General Assembly in particular aims to advance the development of international cybersecurity norms.

Uploaded by

Parvathy Nair
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
26 views26 pages

13 Chapter 5

This document discusses the international and national legal frameworks related to cyber security. It describes several international organizations that are working to harmonize cybersecurity legislation between countries, such as the International Telecommunication Union, Interpol, and United Nations. The document focuses on the United Nations' role, noting that it has been actively discussing cybersecurity issues for over two decades through various committees and resolutions. The UN General Assembly in particular aims to advance the development of international cybersecurity norms.

Uploaded by

Parvathy Nair
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 26

ity

rs
ve
ni
U
lim
us
M

CHAPTER-5
h
ar

LEGAL DIMENSION ON CYBER


lig
A

SECURITY: INTERNATIONAL AND


y,
ar

NATIONAL PERSPECTIVE
br
Li
d
za
A
na
la
au
M
Chapter-5 Legal Dimension of Cyber Security: International and National Perspective

CHAPTER-5
LEGAL DIMENSION ON CYBER SECURITY:
INTERNATIONAL AND NATIONAL PERSPECTIVE
Cyber security is indeed a multi-dimensional concept. It is a complex issue spanning
many disciplines and fields. It being a global problem needs a global solution. The
cyber security cannot be secured in isolation by any government because it is not a
technical problem that can be solved. In fact it is a risk that can only be managed by a
combination of defensive technology, judicious analysis and information warfare, and
traditional diplomacy. Countries need to make suitable strides in their individual

ity
locales to make fundamental laws, advance the execution of sensible security

rs
rehearses, episode the executives, and data sharing instruments, and ceaselessly

ve
ni
instruct both corporate and home clients about network safety. Global collaboration is

U
fundamental to ensure a safe cyberspace. With regard to the cybercriminals, it isn't

lim
just the laws managing cybercrimes that must exist in different nations, however the
us
M
assortment of suitable digital legal sciences information in different purviews and
h

their introduction in official courtrooms, which are fundamental to deal with


ar
lig

lawbreakers in sovereign countries.1


A
y,

5.1 International Legal Framework


ar
br

The nature of cybercrime and the legal issues are global. Following are the
Li

International organizations through which the efforts have been taken to ensure the
d
za

harmonization of legislation in the individual countries. There are different


A

associations, which are ceaselessly working worldwide just as provincial level to


na
la

battle the expanding number of cyber security issues. These organisations are:
au
M

1) International Telecommunication Union (ITU),


2) International Police organization (INTERPOL),
3) United Nations Office on Drugs and Crime (UNODC),
4) G8 Group of States,
5) Council of Europe,
6) Organization of American States (OAS),
7) Asia Pacific Economic Cooperation (APEC),

1
International and Regional Responses to Cyber security Challenges, available at
http://www.idsa.in/book/securing-cyberspace_csamuel-mshara (Visited on April 4, 2017)

89 | P a g e
Chapter-5 Legal Dimension of Cyber Security: International and National Perspective

8) The Organization for Economic Cooperation and Development (OECD),


9) The Commonwealth,
10) The European Union.

5.1.1 International Organisations


I. United Nation Organization (UNO)2
The United Nations started its action related to cyber security in the early 1990s,
focusing on the criminal use of emerging technologies. The exponential growth of the
Internet in the mid-1990s also eventually raised concerns about the implications of the
security of information systems for international peace and security. Out of the six

ity
General Assembly committees, three have focused on cyber security related issues i.e.

rs
ve
the Disarmament and International Security Committee (First Committee), the

ni
Economic and Financial Committee (Second Committee), and the Social,

U
Humanitarian and Cultural Committee (Third Committee).

lim
us
The Russian Federation introduced the resolution in the First Committee, the Third –
M

Social, Humanitarian, and Cultural – Committee discussed „Combating the criminal


h
ar

misuse of information technologies‟ as part of its work on crime prevention and


lig
A

criminal justice. A few years later, the focus of the substantive cyber-crime related
y,

discussion moved from the General Assembly to the Commission on Crime


ar
br

Prevention and Criminal Justice. The Second Committee, the Economic and Financial
Li

Committee, has also adopted resolutions related to cyber security namely those
d
za

focused on the „Creation of a global culture of cyber-security‟ dating back to a draft


A

resolution introduced by the U.S. government in 2002. This series of resolutions has
na

emphasized protection of critical information infrastructures.3


la
au
M

In addition to the UN General Assembly, cyber security was on the agenda of the
Economic and Social Council (ECOSOC) in 2011, which held a special event on the
impact of cyber-attacks on development. The UN‟s Counter-Terrorism
Implementation Task Force includes a Working Group on countering the Use of the
Internet for Terrorist Purposes. In a report published in February 2009, the working
group concluded that “there is not yet an obvious terrorist threat in the area” and that

2
Cyber security and united nation, available at
https:// www.freedomonlinecoalition.com/how-we-work /working-groups /working-group-1/
cybersecurity-and -united- nations/ (visited on April118, 2017)
3
Ibid

90 | P a g e
Chapter-5 Legal Dimension of Cyber Security: International and National Perspective

“it is not obvious that it is a matter for action within the counterterrorism remit of the
United Nations.”Other parts of the UN system have also focused on cyber security
including the UN Office on Drugs and Crime and the International
Telecommunication Union. It is also worth mentioning that Brazil and Germany
introduced a draft resolution on privacy in the digital age in the Third Committee in
2013. This initiated a new, related process with a new resolution adopted in December
2014 referencing the potential creation of a “special procedure” with the goal of
“identifying and clarifying principles, standards and best practices regarding the
promotion and protection of the right to privacy”.4

ity
In short, over the past two decades the UN has been quiet actively discussing cyber

rs
ve
security and has emerged as an important node in the network of international debates

ni
at the regional and global level. The UN General Assembly‟s actions pays attention

U
on „Developments in the field of information and telecommunications in the context

lim
of international security‟, in particular, have become a key vehicle to advance the
us
M
development of international cyber security norms.
h
ar

II. United Nation Resolutions on Cyber security


lig
A

Cyber security has been high on the agenda of the United Nations (UN) for a number
y,

of years. The UN took up the subject out of recognition that building trust and
ar
br

confidence in the use of ICTs is crucial to the socio-economic well-being of


Li

humanity. As a result, the UN General Assembly (UNGA) has expressed itself on


d
za

cyber security matters in five major Resolutions. Next, we explore the relevant
A

Resolutions to assess the views of the international community on cyber security:


na
la

 A/RES/55/63: Combating Criminal Use of Information Technologies 5


au
M

This Resolution was passed by General Assembly on 4 December 2000 on the report
of the third committee (A/55/593). In this resolution, the UNGA emphasized on the
contribution of United Nations in the field of Crime Prevention and Criminal Justice
for making efficient and effective laws for the fair administration of justice to
humankind. It also focused on the grave impact of criminal misuse of information
technologies on all states. It draws on the United Nations Millennium Declaration and
asks States to ensure that the benefits of the new technologies are available to all. The

4
Supra note 3
5
Combating criminal misuse of information technologies, A/RES/55/63 available at :
https://www.itu.int/ITU-D/cyb/cybersecurity/docs/UN_res ( visited on August 30, 2019)

91 | P a g e
Chapter-5 Legal Dimension of Cyber Security: International and National Perspective

UNGA appreciating the work of the Committee of Experts on Crime in Cyberspace of


the Council of Europe on a draft convention on cybercrime, and invited States to take
into account the following measures in combating the criminal misuse of information
technologies:

a) The state should ensure effectiveness of law in dealing criminals who misuse
the information technology;
b) All the concerned States should cooperate and coordinate in investigation and
prosecution of international cases of criminal misuse of information
technologies;

ity
c) The states should exchange information regarding criminal misuse of

rs
ve
information technologies;

ni
d) Proper training should be provided to the law enforcement personnel to

U
combat the criminal misuse of information technologies;

lim
e) The privacy, honesty and availability of information and computer systems
us
M
should be legally protected from unauthorised use and the criminal should be
h

penalized;
ar
lig

f) The preservation of and quick access to electronic data should be legally


A

permitted during investigation of particular cases;


y,
ar

g) The timely investigation of the criminal misuse of information technologies


br

and exchange of evidence in such cases should be ensured by mutual


Li
d

assistance;
za
A

h) The general public should be made aware of the need to prevent and combat
na

the criminal misuse of information technologies;


la

i) The information technologies should be designed in such a way to prevent and


au
M

detect criminal misuse, trace the criminals and to collect evidence;


j) The criminal misuse of information technologies can only be curtailed by
protecting the freedom and privacy of the individual and by preserving the
capacity of Government in fighting such criminal misuse.

 A/RES/56/121: Combating Criminal Use Of ICTs 6


The UNGA adopted this resolution on 19 December 2001. The Resolution covers
similar ground as laid down in A/RES/55/63. The UNGA promotes the dialogue

6
Combating Criminal Use Of ICTs , A/RES/56/121, available at: https://www.itu.int/ITU-
D/cyb/cybersecurity/docs/UN_resolution_56_121.pdf (visited on August 29, 2019)

92 | P a g e
Chapter-5 Legal Dimension of Cyber Security: International and National Perspective

between government and the private sector on safety and confidence in cyberspace. It
requests the member States, to consider the work and achievements of the
Commission on Crime Prevention and Criminal Justice and of other global and
regional organizations while building up their public laws and policies.

 A/RES/57/239: Culture of Cyber security7


This Resolution was adopted 20 December 2002. The UNGA by focusing on the issue
of growing use of information technologies by the Governments, businesses, other
organizations and individual, laid down the following elements to create a global
culture of cyber security:

ity
a) Awareness.

rs
ve
b) Responsibility.

ni
c) Response.

U
d) Ethics.;

lim
e) Democracy.
us
M
f) Risk assessment.
h
ar

g) Security design and implementation.


lig

h) Security management
A

i) Reassessment.
y,
ar
br

All these elements should be considered by the international organisations and the
Li

member states for working on issue of cyber security in future.


d
za


A

A/RES/58/199: Creation Of A Global Culture Of Cyber security And The


na

Protection Of Critical Information Infrastructures8


la
au

This Resolution also deals with the creation of a global culture of cyber security and
M

the protection of critical information infrastructures. Issued on 23rd December 2003,


it highlights the growing reliance on information infrastructures by critical national
services in areas such as energy generation, transmission and distribution; air and
maritime transport, banking and financial services, water supply, food distribution and
public health. Thus, the Resolution invited UN Member States to develop strategies

7
Culture Of Cyber security , A/RES/57/239, available at : https://www.itu.int/ITU-
D/cyb/cybersecurity/docs/UN_resolution_57_239.pdf ( visited on August 29, 2019)
8
Creation Of A Global Culture Of Cyber security And The Protection Of Critical Information
Infrastructures, A/RES/58/199, available at https://www.itu.int/ITU-
D/cyb/cybersecurity/docs/UN_resolution_58_199.pdf ( visited on August 30, 2019)

93 | P a g e
Chapter-5 Legal Dimension of Cyber Security: International and National Perspective

for reducing risks to critical information infrastructures, in accordance with national


laws and regulations.

 A/RES/64/211: Global Culture Of Cyber Security9


This Resolution covers similar ground to the preceding four Resolutions. The
Resolution considers the outcomes of the two phases of the World Summit on the
Information Summit (WSIS). As we shall see next, the WSIS appointed ITU as the
sole moderator of Action Line C5 focusing on “Building Confidence and Trust in the
use of ICTs.” This Guide is in support of ITU‟s obligations under the WSIS Action
Line C5.

ity
rs
 A/RES/73/27: Developments in the field of information and

ve
Telecommunications in the context of international security10

ni
U
This resolution was sponsored by Russia and adopted on 5 December 2018 by United

lim
Nations General Assembly. By this resolution, UNGA has set up two parallel
us
processes for dealing with the emerging issue of cyber security. The European Union
M

voted against this resolution. According to this resolution an Open Ended Working
h
ar

Group (OEWG), acting on behalf of UN was set up in 2019, for the following
lig
A

purpose:
y,

1. Creating the United Nations exchange measure on security in the utilization of


ar
br

data and interchanges advancements more just, comprehensive and


Li

straightforward;
d
za

2. To further build up the guidelines, standards and standards of dependable


A

conduct ..., and the ways for their execution, and acquaint changes with them
na
la

or expound extra principles of conduct if essential;


au

3. To investigate the chance of building up normal institutional exchange with


M

expansive cooperation under the sponsorship of the United Nations;


4. To keep on examining, with the end goal of advancing normal understandings,
existing and expected dangers in the circle of data security and conceive
helpful measures to address them;

9
General assembly adopted resolution on Creation of a global culture of cybersecurity and taking
stock of national efforts to protect critical information infrastructures, available at
https://ccdcoe.org/sites/default/files/documents/UN-091221-CultureOfCSandCI.pdf (visited on
April 20, 2017)
10
Developments in the field of information and telecommunications in the context of international
Security, A/RES/73/27, available at: https://undocs.org/A/RES/73/27 ( visited on August 28,
2019)

94 | P a g e
Chapter-5 Legal Dimension of Cyber Security: International and National Perspective

5. To investigate how worldwide law applies to the utilization of data and


interchanges innovations by States;
6. To investigate certainty building measures and limit building measures,
7. To present a report on the consequences of the examination to the General
Assembly, and
8. to give the chance of holding intersessional consultative gatherings with the
invested individuals, specifically business, non-administrative associations and
the scholarly world, to share sees on the issues inside the gathering's order.

 A/RES/73/266: Advancing responsible State behaviour in cyberspace in the

ity
context of international security11

rs
ve
This resolution was sponsored by United Nations and adopted by general assembly on

ni
22 December 2018. This resolution set up new group called the group of

U
governmental experts (UNGGE) in 2019 on equitable geographical distribution, to

lim
us
study the norms and behaviour in cyber space. The mandate of the group for
M
promoting common understanding and effective implementation is to continue to
h
ar

study-
lig

a) The possible cooperative measures to address existing and potential threats in


A

the sphere of information security,


y,
ar

b) The norms , rules and standards of responsible conduct of States,


br
Li

c) To study certainity -building measures and capacity-building measures,


d

d) How international law applies to the utilisation of data and communication


za
A

technologies by States?
na
la

The UNGGE has to submit report of the above study to the general assembly at its
au

seventy-sixth session.
M

The general assembly can request the Office for Disarmament Affairs of the
Secretariat, on behalf UNGGE to collaborate with relevant regional organizations as
well as the Regional Forum to share views on the issues within the mandate of the
group.12

11
Advancing responsible State behaviour in cyberspace in the context of international security,
A/RES/73/266, available at : https://undocs.org/A/RES/73/266 ( visited on August 28, 2019)
12
A/RES/73/266, 4 “Requests the Office for Disarmament Affairs of the Secretariat, through existing
resources and voluntary contributions, on behalf of the members of the group of governmental
experts, to collaborate with relevant regional organizations, such as the African Union, the
European Union, the Organization of American States, the Organization for Security and

95 | P a g e
Chapter-5 Legal Dimension of Cyber Security: International and National Perspective

5.1.2 The International Telecommunication Union (ITU)13


The ITU is a specialized agency of the UN14, responsible for the information
and communication technologies. It was formed in the year 1865
as a standard setting body, which was historically among the first to coordinate
international telecommunications standards among states. The work of the ITU is to
preserve and shape the underlying telecommunications infrastructure on which global
communications depend. The International Telecommunication Union (ITU) is an
agency whose mission includes developing technical standards, allocating the radio
spectrum, and providing technical assistance and capacity building to developing
countries. According to ITU, three sectors carry out these missions by promoting

ity
rs
recommendations: the ITU-Telecommunication Standardization Sector (ITU-T), the

ve
ITU-Radio communication Sector (ITU-R), and the ITU-Telecommunication

ni
U
Development Sector (ITU-D). In addition, the ITU General-Secretariat provides top-

lim
level leadership to ensure that institutional strategies are harmonized across all
us
sectors. ITU members include delegations from 193 nations, as well as 900 members
M

from the private sector. The ITU has also developed technical standards for security.15
h
ar
lig

III. The Group of Eight (G8) 16


A

The Group of Eight (G8) is an international forum that includes the governments of
y,
ar

Canada, France, Germany, Italy, Japan, Russia, the United Kingdom, and the United
br

States. The G8 Subgroup on High-Tech Crime, seeks to prevent, investigate, and


Li
d

prosecute crimes involving computers, networked communications, and other new


za

technologies and directs the G8‟s cyber security efforts. In 1997, the subgroup created
A
na

the 24-7 High-Tech Crime Point-of-Contact Network, which lets law enforcement
la

officials from countries-including those from outside the G8-quickly contact their
au
M

counterparts in other participating nations for assistance with cybercrime


investigations.17

Cooperation in Europe and the Regional Forum of the Association of Southeast Asian Nations, to
convene a series of consultations to share views on the issues within the mandate of the group in
advance of its sessions;
13
Available at : http://www.itu.int/en/about/Pages/default.aspx (visited on April 20, 2017)
14
Dr.H.O.Agarwal, International Organisations,200(Central Law Publications,, Allahabad, 2011)
15
Available at: http://www.itu.int/osg/csd/cybersecurity/gca/global_stategic_report/index.html
(visited on April 20, 2017)
16
Available at : http://www.cfr.org/international-organizations-and-alliances/group-eight-g8-
industrialized-nations/p10647 ( visited on April 17, 2017)
17
A Global Treaty on Cyber security and Cybercrime, available at: http:// pircenter.org /media
/content/files/9/13480907190.pdf (visited on April 20, 2017)

96 | P a g e
Chapter-5 Legal Dimension of Cyber Security: International and National Perspective

IV. Association of South-East Asian Nations (ASEAN)18


Association of Southeast Asian Nations (ASEAN) is an economic and security
cooperative comprised of 10 member nations from Southeast Asia19. According to the
2009-2015 Roadmap for an ASEAN Community20, it looks to combat transnational
cybercrime by fostering cooperation among member-nations‟ law enforcement
agencies and promoting the adoption of cybercrime legislation. In addition, the road
map calls for activities to develop information infrastructure and expand computer
emergency response teams (CERT) and associated drills to all ASEAN partners.

VI. The Council of Europe21

ity
The Council of Europe is a 47 member organization founded in 1949 to develop

rs
common and democratic principles for the protection of individuals 22. In 2001, the

ve
ni
council adopted a Convention on Cybercrime to improve international cooperation in

U
combating actions directed against the confidentiality, integrity, and availability of

lim
computer systems, networks, and data. This convention identified agreed-upon cyber-
us
M
related activities that should be deemed criminal acts in countries‟ domestic law. The
h

US Senate ratified this convention in August 2006.Monoco recently ratified this


ar
lig

convention on 17 March 2017.


A
y,

VII. The European Union (EU)23


ar
br

The European Union is an economic and political partnership among 27 European


Li

countries. Subcomponents of its executive body-the European Commission-engage in


d
za

cyber security activities designed to improve (1) preparedness and prevention, (2)
A

detection and response, (3) mitigation and recovery, (4) international cooperation, and
na
la

(5) criteria for European critical infrastructure in the information communication


au

technology sector. The European Commission also formed the European Network and
M

Information Security Agency (ENISA), an independent agency created to enhance the


capability of its members to address and respond to network and information security
problems. Several independent organizations within Europe develop technical

18
Available at: http://asean.org/asean/about-asean/ (visited on 22th April2017)
19
Supra 11 at p.258
20
Available at: http://www.asean.org / wp-content / uploads / images / ASEAN_ RTK_ 2014/2 _
Roadmap _for_ ASEAN_ Community_20092015.pdf (visited on April 22, 2017)
21
Available at: http://www.coe.int/en/web/portal/home (visited on April 21, 2017)
22
Id 16 p 264
23
Available at: www.europa.eu (visited on April 18, 2017)

97 | P a g e
Chapter-5 Legal Dimension of Cyber Security: International and National Perspective

standards. The European Committee for Standardization24 is to work to remove trade


barriers for European industry and provide a platform for the development of
European standards and technical specifications. The European Committee for
Electrotechnical Standardization25 is a not-for-profit technical organization that is
responsible for preparing voluntary standards for electrical and electronic goods and
services in the European market. The European Telecommunications Standards
Institute is also a not-for-profit organization that is responsible for producing globally
applicable standards for information and communications technologies including
those supporting the Internet.

ity
VIII. The Internet Corporation for Assigned Names and Numbers (ICANN)26

rs
ve
The Internet Corporation for Assigned Names and Numbers (ICANN) is the private,

ni
not-for-profit US corporation whose primary function is the coordination of the

U
technical management of the Internet‟s domain name and addressing system.

lim
According to ICANN officials, the corporation is overseen by a board of directors
us
M
composed of 21 representatives, including 15 voting members and 6 non-voting
h

liaisons. According to ICANN officials, it also performs the Internet Assigned Names
ar
lig

Authority functions under contract to the Department of Commerce. The Internet


A

Assigned Names Authority‟s functions include coordination of the assignment of


y,
ar

technical protocol parameters, performance of administrative functions associated


br

with root zone management, and the allocation of Internet numbering resources.
Li
d
za

IX. INTERPOL27
A

INTERPOL, the world‟s largest international police organization which was created
na
la

to facilitate cross-border police cooperation. It collects, stores, analyzes, and shares


au

information related to cybercrime between its 188 member countries through its
M

global police communication system. It is also responsible for coordinating


operational resources such as computer forensic analysis in support of cybercrime
investigations. Further, INTERPOL has a network of investigators in national
computer crime units to help law enforcement seize digital evidence as quickly as

24
Available at :https://www.cencenelec.eu/aboutus/Pages/default.aspx (visited on April 21, 2017)
25
Available at: http:// ec.europa.eu/ information_ society /topics /telecoms /internet /crime/ index
_en.htm (visited on April 18, 2017)
26
Available at: https://www.icann.org/resources/pages/welcome-2012-02-25-en (visited on 21th
April 21, 2017)
27
Available at :https://www.interpol.int/About-INTERPOL/International-partners/NEC (visited on
April 20, 2017)

98 | P a g e
Chapter-5 Legal Dimension of Cyber Security: International and National Perspective

possible and facilitate cooperation when a cyber-attack involves multiple


jurisdictions. To develop strategies for emerging cybercrime methods, it assembles
groups of experts into regional working groups that harness the regional expertise
available in Europe, Asia, the America, the Middle East, and North Africa28

X. The North Atlantic Treaty Organization (NATO)29


The North Atlantic Treaty Organization (NATO) is an alliance of 28 countries from
North America and Europe30. NATO approved a Cyber Defense Policy in January
2008 to provide direction to its member nations to protect key information systems
and support efforts to counter cyber-attacks. Specifically, the policy establishes the

ity
Cyber Defense Management Authority(CDMA), which has authority for managing

rs
ve
cyber defense crises, to include directing the NATO Computer Incident Response

ni
Capability. Cyber threats and attacks are becoming more common, sophisticated and

U
damaging. The Alliance is faced with an evolving complex threat environment. State

lim
and non-state actors can use cyber attacks in the context of military operations. In
us
M
recent events, cyber attacks have been part of hybrid warfare. NATO and its allies
h

rely on strong and resilient cyber defences to fulfil the Alliance‟s core tasks of
ar
lig

collective defence, crisis management and cooperative security. NATO is prepared to


A

defend its networks and operations against the growing sophistication of the cyber
y,
ar

threats and attacks it faces. 31


br
Li

XI. The Organization of American States (OAS) 32


d
za

The Organization of American States (OAS) is an organization comprised of 34


A

independent nations in North, Central, and South America, as well as island nations in
na

the Caribbean33. Today, the OAS is bringing together 35 independent states of


la
au

America and has composed the major political, juridical, and social governmental
M

forum in the Hemisphere. In addition, it has granted permanent observer status to 69


states, as well as to the European Union (EU)34. In 2004, the OAS member states
adopted the Inter-American Comprehensive Strategy for cybersecurity. The strategy

28
Ibid
29
Available at:http://www.nato.int /nato_static_ fl2014/assets /pdf/ pdf_publications
/20150429_WhatIsNATO_en.pdf (visited on April 21, 2017)
30
Supra note 11 P.258
31
Available at :http://www.nato.int/cps/en/natohq/topics_78170.htm (visited on April 20, 2017)
32
Available at :http://www.oas.org/en/about/who_we_are.asp (visited on April 21, 2017)
33
Supra note 11 at p.255
34
Id at p. 29

99 | P a g e
Chapter-5 Legal Dimension of Cyber Security: International and National Perspective

identifies cybersecurity as an emerging threat to OAS member states and requires


three OAS entities to take action to address different aspects of cybersecurity.
Specifically, the strategy directs the Inter-American Committee against Terrorism
(CICTE) to develop plans for the creation of a hemisphere-wide, 24-hours-per-day, 7-
days-per-week network of Computer Security Incident Response Teams.35

XII. Asian Pacific Economic Cooperation (APEC) 36


Asia-Pacific Economic Cooperation (APEC) is a cooperative economic and trade
forum designed to promote economic growth and cooperation among 21 countries
from the Asia-Pacific region. APEC‟s Telecommunication and Information Working

ity
Group supports security efforts associated with the information infrastructure of

rs
ve
member countries through activities designed to strengthen effective incident

ni
response capabilities, develop information security guidelines, combat cybercrime,

U
monitor security implications of emerging technologies, and foster international

lim
cybersecurity cooperation. us
M

XIII. The Organization for Economic Cooperation and Development (OECD) 37


h
ar

The Organization for Economic Cooperation and Development (OECD) is an


lig
A

intergovernmental organization composed of 31democratic countries. 17 Member


y,

countries‟ governments can compare policy experiences, seek answers to common


ar
br

problems, identify best practices, and coordinate domestic and international policies.
Li

The OECD Working Party on Information Security and Privacy (WPISP) uses a
d
za

consensus-based process to develop policy options to address the security and privacy
A

implications of the growing use of information and communication technologies. In


na
la

addition to developing policy analysis, OECD is responsible for making


au

recommendations designed to improve the security and privacy of its member


M

countries.

35
Available at :
http://www.oas.org/en/sms/cicte/Documents/Declarations/DEC_1%20rev_1_DECLARATION_CI
CTE00749E04.pdf (visited on April 20, 2017)
36
Available at: http://publications.apec.org/publication-detail.php?pub_id=1839 (visited on April
18, 2017)
37
Available at: www.oecd.org (visited on April 10, 2017)

100 | P a g e
Chapter-5 Legal Dimension of Cyber Security: International and National Perspective

5.1.3 International Treaty and Convention


I. The Council of European Convention on Cybercrime
The Convention is the first international treaty on crimes committed via the Internet
and other computer networks, dealing particularly with infringements of copyright,
computer-related fraud, child pornography and violations of network security. It also
contains a series of powers and procedures such as the search of computer networks
and interception. Its principal goal, set out in the preamble, is to seek after a typical
criminal policy focused on the assurance of society against cybercrime, particularly
by embracing fitting enactment and cultivating international co-operation.38

ity
II. Draft Code on Peace and Security In Cyberspace-A Global Protocol On

rs
ve
Cyber Security And Cybercrime

ni
The International Law Commission adopted at its forty-eight session in 1996 the Draft

U
Code of Crimes against Peace and Security of Mankind, and submitted it to the

lim
United Nations General Assembly. Crimes against the peace and security of mankind
us
M
were then established as crimes under international law, whether or not they were
h

punishable under national law. Crimes against peace and security in cyberspace were
ar
lig

established as crimes under international law through a Convention or Protocol on the


A

United Nations level. A Convention or a Protocol on the United Nations level on


y,
ar

cybersecurity and cybercrime made a global proposal for the 2010s that is based on a
br

potential for consensus. The final draft code may be prepared by the International
Li
d

Law Commission. Mankind will in the future be completely dependent on


za
A

information and communication technologies. Serious crimes in cyberspace should be


na

established under international law, whether or not they are punishable under national
la

law. A combined global initiative on the United Nations level by organizations such
au
M

as United Nations Office on Drugs and Crime (UNODC) and the International
Telecommunication Union (ITU) should be established. This initiative could have as a
final goal a Draft Convention that should be submitted to the International Law
Commission for considering a United Nations Convention on Peace and Security in
Cyberspace

38
Convention on cybercrime, available at :https://www.coe.int/en/web/conventions/full-list/-
/conventions/treaty/185 (visited on April 19, 2017)

101 | P a g e
Chapter-5 Legal Dimension of Cyber Security: International and National Perspective

III. The Draft international convention to enhance protection from cybercrime


and terrorism (Sandford Draft)39
A Conference on International Cooperation to Combat Cyber Crime and Terrorism.
Based on the experience at this conference Stanford University introduced in 2000 a
suggestion for an International Convention on Cyber Crime and Terrorism, that‟s
known as the Stanford Draft Convention of 2000. The Article 3 of Standford Draft
Convention provides certain offences which are as follows:

Offences under this Convention are committed if any person unlawfully and
intentionally engages in any of the following conduct without legally recognized

ity
authority, permission, or consent:

rs
ve
a. Creates, stores, alters, deletes, transmits, diverts, misroutes, manipulates, or

ni
interferes with data or programs in a cyber system with the purpose of

U
causing, or knowing that such activities would cause, said cyber system or

lim
another cyber system to cease functioning as intended or to perform functions
us
M
or activities not intended by its owner and considered illegal under this
h

Convention;
ar
lig

b. Creates, stores, alters, deletes, transmits, diverts, misroutes, manipulates, or


A

interferes with data in a cyber system for the purpose and with the effect of
y,
ar

providing false information in order to cause substantial damage to persons or


br

property;
Li
d

c. Enters into a cyber system for which access is restricted in a conspicuous and
za
A

unambiguous manner;
na

d. Interferes with tamper-detection or authentication mechanisms;


la

e. Manufactures, sells, uses, posts, or otherwise distributes any device or


au
M

program intended for the purpose of committing any conduct prohibited by


Article 3 and 4 of this Convention;
f. Uses a cyber system as a material factor in committing an act made unlawful
or prohibited by any of the treaties,
g. Engages in any conduct prohibited under Articles 3 and 4 of this Convention
with a purpose of targeting the critical infrastructure of any State Party.

Purpose, intent, or knowledge with respect to the crimes set forth in paragraph 1 of
this section may be inferred from objective factual circumstances. Other Articles

39
Available at :http://cisac.fsi.stanford.edu/ (visited on April 22, 2017)

102 | P a g e
Chapter-5 Legal Dimension of Cyber Security: International and National Perspective

include: jurisdiction; mutual legal assistance; prosecution; cooperation in law


enforcement; agency for information infrastructure protection; protection of privacy
and other human rights.

IV. The commonwealth model law on computer and computer related crime
The Commonwealth Law Ministers, an expert group on Computer Crime and Related
Criminal Law was established and in 2002 prepared a revised Model Law on
Computer and Computer Related Crime [“Commonwealth Model Law”] which was
based upon the Council of Europe Convention on Cybercrime.40This draft has
received much recognition being a reasonable first effort at a model law based upon

ity
the Convention. Though not widely adopted by many States, the fact that much of its

rs
ve
framework and provisions have found their way into the ITU model laws have

ni
consequently led to many of its provisions being implemented (though clouded by

U
many poor edits by the ITU) into legislation by nations in the Caribbean, Africa and

lim
the Pacific. Until very recently, the Model Law was largely overlooked by the
us
M
Commonwealth. Even recent calls by the Commonwealth Heads of Government and
h

the Commonwealth Cybercrime initiative appear not to place the Model law front and
ar
lig

centre of a strategy in connection with cybercrime. At present, it appears to have


A

been removed from the Commonwealth Secretariat‟s website and is unavailable


y,
ar

through a cursory Google search. It has thus regrettably, been of limited relevance in
br

terms of impact upon Commonwealth countries or even generally.


Li
d
za

V. African Union Convention on Cyber Security and Personal Data Protection41


A

An African Union Convention on cyber security and personal data protection was
na
la

held in June 2014 at Africa. This convention presented an effort to tackle many
au

challenges posed by burgeoning information and communication technology (ICT)


M

sector and attempt to harmonise cyber security regulation.

40
LMM(02)17 – Report to Law Ministers @ page 1,available at:
https://www.oas.org/juridico/spanish/cyber/cyb3_CC_law.pdf (visited on April 20, 2017)
41
Available at: https://ccdcoe.org/cdn-cgi/l/chk_captcha?id=352e1a49ec982ee7&g-recaptcha-
response=03AOP2lf6_mdEB14E7RMfwItm_e93Za-T0_SAdcdQ6v-
5YZrX6pFYGLcbwMyPwCtg1ZU8C2HbJQC99cjSHi4glml5W9u8N5iyWGPNglyDIjEobyCzJlw
agpitylSbwfg0SSiFM0r4fVbdM53EodJ9s6tEvjnCMqPeQPjGi3yGi4Nk3btw0G605Jh_h30FRezFr
gmq2slVlImE-dxTzDXVng-
FrNtNKdhHY2RcFmRHZQaKg8cEkwQiLIIzIDdO_DYwfCWYGicg3FLFl0vtP1Ng8PNGexCOi
Pab00EOTodqQrkGcgQck7D9DLsw4kMRmW0NhhveyLILR-8PY (visited on April 21, 2017)

103 | P a g e
Chapter-5 Legal Dimension of Cyber Security: International and National Perspective

The history of this African convention on cyber security date back to late 1990s when
Russia introduced a draft resolution which later adopted by general assembly, present
day which having much relevancy.

In 2005, the United Nations established a group of governmental


experts tasked with producing an annual report titled “On the Developments in the Fie
ld of Information and Telecommunications” in the context of informational
perspective of international security. Despite these developments, the UN Cyber
Index reported that only eighteen of the fifty-four African Union member states had
published information indicating the existence of cyber security programme.42

ity
rs
Now we will try to analyse the national law and policy in India in this context.

ve
ni
5.1.4 National Law and Policy Framework in India

U
The Indian Penal Code, 1860 was found insufficient to cater to the need of new

lim
crimes emerging from internet expansion. Even some of the traditional crimes such as
us
M
conspiracy, solicitation, securities, fraud, espionage etc. are now being committed
h

through internet which necessitates a new law to curb them. Consequently, there is
ar
lig

need of cyber law to contest the crimes recently came up. Information Technology
A

Act, 2000, in India known as the cyber law, which is enhanced by corrections and
y,
ar

certain principles which is need of the time because of quick changing of the
br

innovative turn of events.


Li
d
za

(a) The Information Technology Act, 2000


A

In India, the Information Technology Act, 2000 got the consent of the President on
na
la

09th June, 2000. The entire premise of this Act was the goal embraced by United
au

Nation General Assembly in 1997, the Model Law on Electronic Commerce received
M

by the UN Commission on International Trade Law. Under the said goal it is


additionally to advance effective conveyance of Government administrations by
methods for dependable electronic records. This legislation is principally expected to
deal with the matters related to the regulation of electronic commerce.43

The Information Technology Act, 2000 consists of thirteen (XIII) Chapters, 94


Sections and Four Schedules. This Act was amended by the Information Technology

42
56 ILM 164(2017) , available at :http://www.cambridge.org/core/terms (visited on April 21, 2017)
43
The Information Technology Act, 2000 (Act 21 of 2000) ,See the Preamble of the Act.

104 | P a g e
Chapter-5 Legal Dimension of Cyber Security: International and National Perspective

(Amendment) Act,2008, came into force 27th October 2009 with focus on information
security and added several new sections on cyber terrorism and data protection.44 As
far as the security aspects are concerned firstly I find that in Definitional part of Act
itself encapsulates the security provisions under Section 2 (1) (ze) (zf) of the Act.

(ze) "secure system" means computer hardware, software, and procedure that—

(a) are reasonably secure from unauthorised access and misuse;


(b) provide a reasonable level of reliability and correct operation;
(c) are reasonably suited to performing the intended functions; and
(d) adhere to generally accepted security procedures;

ity
rs
ve
"security procedure" means the security procedure prescribed under Section 16 by the

ni
Central Government.45

U
lim
The Chapter -V of the Act is wholly devoted on security dimensions. The language of
us
this Chapter prescribes that where any security procedure has been applied to an
M

electronic record at a specific point of time, then such record shall be deemed to be a
h
ar

secure electronic record from such point of time to the time of verification. 46 The Act
lig

also talks about the secure digital signature47 and it provides that the Central
A
y,

Government shall for the purposes of this Act prescribe the security procedure having
ar
br

regard to commercial circumstances.48The Act further provides the provision that the
Li

Certifying Authority shall have to follow certain procedures that are secure from
d
za

intrusion and misuse;49 adhere to security procedures to ensure the secrecy and
A

privacy of the digital signatures.50 The Certifying Authoritys also have the private key
na
la

or security system was compromised in a manner materially affecting the Digital


au

Signature Certificate's reliability;.51 Further, the Chapter VIII of the Act, where any
M

Digital Signature Certificate, the public key of which corresponds to the private key
of that subscriber which is to be listed in the Digital Signature Certificate has been
accepted by a subscriber, then, the subscriber shall generate the key pair by applying

44
Manish Kumar Chaubey, Cyber Crimes and Legal Measures 121(Regal Publications, New Delhi,
2013).
45
Supra note 19 at 5.
46
Id. s.14.
47
Id. s.15.
48
Id. s.16.
49
Id. s.(a).
50
Id. s.(c).
51
Id. s.38 (2) (c).

105 | P a g e
Chapter-5 Legal Dimension of Cyber Security: International and National Perspective

the security procedure.52 By the amendments also the Act provides penalties and
compensation for damage to computer, computer system53 and also inserted provision
to protect sensitive personal data or information possessed, dealt or handled by a body
corporate in a computer resource which such body corporate owns, controls or
operates. If such body corporate is negligent in implementing and maintaining
reasonable security practices and procedures and thereby causes wrongful loss or
wrongful gain to any person, it shall be legally responsible to forfeit damages by way
of reparation to the person so affected.54

Moreover, as per the Information Technology Amendment Act, 2008, a host of new

ity
sections have been added to section 66 as sections 66A to 66F prescribing punishment

rs
ve
for offenses such as obscene electronic message transmission, identity theft, cheating

ni
by impersonation using computer resource, violation of privacy and cyber terrorism.55

U
Section 67 of the old Act is amended to reduce the term of imprisonment for

lim
publishing or transmitting obscene material in electronic form to three years from five
us
M
years and increase the fine thereof from Indian Rupees 100,000 (approximately USD
h

2000) to Indian Rupees 500,000 (approximately USD 10,000). New sections have
ar
lig

been inserted as Section 67A, 67B and 67C. While Section 67A and B insert penal
A

provisions in respect of offenses of publishing or transmitting of material containing


y,
ar

sexually explicit act and child pornography in electronic form, section 67C deals with
br

the obligation of an intermediary to preserve and retain such information as may be


Li
d

specified for such duration and in such manner and format as the central government
za
A

may prescribe. In view of the increasing threat of terrorism in the country, the new
na

amendments include an amended section 69 giving power to the state to issue


la

direction for interception or monitoring of decryption of any information through any


au
M

computer resource. Further, section 69A and 69B, two new sections, grant authority to
the state to issue instructions for jamming for public access of any information
through any computer reserve and allow monitoring and collecting traffic data or
information through any computer resource for cyber security.

Apart from that under Section 70 (3) of the Act (1) the appropriate Government may,
by notification in the Official Gazette, declare that any computer, computer system or

52
Id. s.40.
53
The Information Technology (Amendment) Act, 2008, s.43.
54
Id. s.43A.
55
Id.Chapter XI.

106 | P a g e
Chapter-5 Legal Dimension of Cyber Security: International and National Perspective

computer network to be a protected system. (2) The appropriate Government may, by


order in writing, allow the persons who are authorized to use the protected systems
notified under sub-section (1). (3) Any individual who ties down access or endeavors
to tie down admittance to a secured framework in negation of the arrangements of this
segment will be rebuffed with detainment of either portrayal for a term which may
stretch out to ten years and will likewise be obligated to fine. Further, the Act
empowers the State Government to make rules under section 90 to deal the emerging
issues with the development of the information technology relating to cyber crime and
cyber security in India.56

ity
After enactment of the Information Technology Act, 2000 the major Acts which got

rs
amended such as the Indian Penal Code, 1860, the Indian Evidence Act, 1872, the

ve
Banker’s Books Evidence Act,1891 by inserting the word „electronic‟ thereby treating

ni
U
the electronic records and documents at par with physical records and document.57

lim
us
There are now enough writings in the Indian context to show as to how the IT Act
M

falls short of expectations. With the passage of time a number of issues have been
h
ar

identified for effective implementation of this Act. Therefore, inadequacies of Indian


lig

Internet regime must be removed and that needs a holistic approach to arrest the
A
y,

emerging problems in the area of information technology such as cyber crimes and
ar

cyber security in future.58


br
Li

5.2 Data Protection under the Information Technology Act


d
za

The Personal Data Protection Bill, based on the framework of the EU Data Privacy
A
na

Directive (1996), was introduced in the Parliament in 2006 but lapsed subsequently.
la

Prior to the Information Technology Act,2000, India did not have any legislation
au
M

addressing the issue of data protection. The Preamble of the Act listed out prevention
of cyber crimes and providing adequate data security measures and procedures to
protect and facilitate widest possible use of Information Technology worldwide, as
one of its main objectives59. However, only after several amendments subsequently

56
Amita Verma, “Information Technology (Amendment) Act, , 2008: A Critique” Journal of
Minorities Rights” 4 No. 2, JOMR 24-25 (2013).
57
Manish Kumar Chaubey, Cyber Crimes & Legal Measures, 137 (Regal Publications, New Delhi
2013).
58
Dhruva Jaishankar, “For better signage on the cyber highway” The Hindu, December 15, 2014.
59
Ministry of Communications & Information Technology, Information Technology (Amendment)
Act, 2008 comes into force, Press Information Bureau, October 2009, available at:
http://pib.nic.in/newsite/erelease.aspx?relid=53617 (Visited on Feb 12, 2017)

107 | P a g e
Chapter-5 Legal Dimension of Cyber Security: International and National Perspective

did the IT Act provide for adequate legal protection for data stored in the electronic
medium. It incorporated provisions regarding privacy and data protection by
prescribing both civil (Section 46) and criminal (Section 72) liabilities for protecting
privacy of individuals.

Further Section 65, in the original IT Act provided for protection of the source code
and penalized with imprisonment and fine any tampering with such computer source
documents. Section 66 further provided for the definition of hacking and also the
punishment for the same. The amendment to Section 66 widened the definition of
hacking by including various other means to destroy or alter the data stored in a

ity
computer or access the computer in an unauthorized manner without actually

rs
ve
mentioning the acts to be hacking. Further, as per section 67C of the amended IT Act

ni
„intermediaries‟ are mandated to maintain and preserve certain information under

U
their control for durations which are to be specified by law, failing which they will be

lim
subjected to punishment in the form of imprisonment upto three years and fine.
us
M

The newly inserted section 43A makes a start at introducing a mandatory data
h
ar

protection regime in Indian law. The section obliges corporate bodies who „possess,
lig

deal or handle‟ any „sensitive personal data‟ to implement and maintain „reasonable‟
A
y,

security practices, failing which they would be liable to compensate those affected by
ar
br

any negligence attributable to this failure. In addition to the civil remedies spelled out,
Li

Section 72-A could be used to impose criminal sanctions against any person who
d
za

discloses information in breach of a contract for services.These amendments have


A

widened the liability for breach of data protection and negligence in handling
na
la

sensitive personal information.


au
M

In February 2011, the Ministry of Information and Technology, published draft rules
under section 43A in order to define “sensitive personal information” and to prescribe
“reasonable security practices” that body corporates must observe in relation to the
information they hold. These rules have been made in furtherance of India‟s
recognition of a co - regulatory regime for data protection. These rules are evidently
an attempt at introducing the Fair Information Practice Principles and the OECD
guidelines in the Indian scenario. Additionally, the Government of India, with the

108 | P a g e
Chapter-5 Legal Dimension of Cyber Security: International and National Perspective

help of the Department of Information Technology, is currently working on a holistic


law on data protection based on the European Union directive.60

The Justice AP Shah Report on Privacy provides for multidimensional and inclusive
understanding of the right to privacy to include concerns surrounding data protection
on the internet and challenges emerging therefrom.61 The privacy approach paper also
suggested masquerading a data protection regime through a privacy legislation to
address regulations on collection, control, utilization and proper disposal of data,
which are not covered under the purview of the existing IT Act. It recommends the
applicability of such a regime to public as well private entities and proposes a

ity
distinction between personal data and personal sensitive data. 62

rs
ve
5.3 National Cyber Security Policy – 2013

ni
U
In the light of development of IT area in the nation, a goal-oriented arrangement for

lim
fast social change and comprehensive development for establishing secure processing
us
climate and to ensure information and data foundation in the internet, of late, the
M
h

Government of India has detailed another National Cyber Security Policy, 2013 with
ar

some very important objectives.63


lig
A
y,

The main objectives of the policy are bellows:


ar

 To construct a secure cyber ecosystem in the country, create enough trust &
br
Li

confidence in IT systems and contract in cyberspace and by this means


d

enhance adoption of it in all sectors of the economy.


za
A

 To build a guaranteed framework for design of security policies and for


na

promotion and enabling action for compliance to global security standards and
la
au

best practices by way of conformity assessment (product, process, technology


M

& people).
 To make stronger the Regulatory framework for ensuring a secure cyberspace
ecosystem.

60
Data Protection in India, Mazumdar & Co, available at: http://www.majmudarindia.com/ pdf /
Data%20Protection%20in%20India.pdf(Visited on Feb 16, 2017)
61
Justice AP Shah, Report of the Group of Experts on Privacy, Planning Commission, Govt. of
India, October 2012, available at:http://planningcommission.nic.in /reports /genrep/
rep_privacy.pdf (Visited on Feb 16, 2017)
62
Ibid .
63
National Cyber Security Policy, 2013, available at: http://meity.gov.in /sites /upload_files
/dit/files/National_cyber_security_policy-2013(1).pdf. (visited on Feb 1, 2017).

109 | P a g e
Chapter-5 Legal Dimension of Cyber Security: International and National Perspective

 To enhance the protection and resilience of Nation‟s critical information


infrastructure by operating a 24 x 7 National Critical Information
Infrastructure Protection Centre (NCIIPC) and mandating security practices
related to the design, acquisition, development, use and operation of
information resources.64
 To develop suitable indigenous security technologies through frontier
technology research, solution oriented research, proof of concept, pilot
development, transition, diffusion and commercialization leading to
widespread deployment of secure ICT products/processes in general and

ity
specifically for addressing National Security requirements.

rs
 To enable effective prevention, investigation and prosecution of cyber crime

ve
and enhancement of law enforcement capabilities through appropriate

ni
U
legislative intervention.

lim
 To create a culture of cyber security and privacy enabling responsible user
us
behavior & action through an effective communication and promotion
M
h

strategy.
ar


lig

To enhance global cooperation by promoting shared understanding and


A

leveraging relationships for furthering the cause of security of cyberspace.65


y,
ar

Apart from the above objectives of the policy also have certain strategies that are as
br
Li

follows:
d


za

Creating a secure cyber ecosystem


A

 Creating an assurance framework


na

 Creating mechanisms for security threat like early warning, vulnerability


la
au

management and response to security threats


M

 Securing E-Governance services


 Protection and resilience of Critical Information Infrastructure
 Promotion of Research & Development in cyber security
 Reducing supply chain risks
 Human Resource Development
 Creating Cyber Security Awareness
 Developing effective Public Private Partnerships

64
Id at 3.
65
Id.at 4.

110 | P a g e
Chapter-5 Legal Dimension of Cyber Security: International and National Perspective

 Information sharing and cooperation


 Prioritized approach for implementation.66

5.4 Cyber Security-Strategic Approach under XII Five Years Plan


Cyber Security prerequisites are very unique that change with the threat environment.
Threat landscape should be upgraded consistently to forestall rising assaults.
Cooperation among different organizations is expected to share data with respect to
developing dangers and weaknesses, which would help in powerful assurance and
anticipation of cyber attacks.

ity
It is necessary to take a holistic approach to secure Indian Cyber Space. While the

rs
cyber security initiatives of the XI plan period will be continued and strengthened,

ve
new initiatives will be put in place consistent with emerging threats and evolving

ni
U
technology scenario.

lim
us
It is important to adopt an all encompassing strategy to make sure a safe Indian Cyber
M

Space. While the digital protection activities of the XI plan period will be proceeded
h
ar

and fortified, new activities will be set up predictable with developing dangers and
lig

advancing innovation situation.


A
y,
ar

The subsequent cyber security schemes were proposed that need to be adopted during
br

the XII Five Year Plan:67


Li
d
za

Upgrading the comprehension as for variables for example, progressively changing


A

threat landscape, specialized intricacy of the internet and accessibility of skilled assets
na

in the zone of cyber security. Focus on proactive and combined actions in Public-
la
au

Private Partnership focused on security incidents avoidance, prediction, response and


M

recuperation activities and security affirmations. Improving knowledge and upgrading


the aptitudes, abilities and infrastructure to secure the county‟s cyber space, to give
quick response to cyber attacks, to limit the harm and recuperation time and to lessen
national vulnerabilities to cyber attacks. Improving cooperation and commitment with
different key partners, for example, Govt. furthermore, basic area associations,
sectoral CERTs, International CERTs, specialist organizations including ISPs, item

66
Id. at 4-9.
67
Available at: http://meity.gov.in/sites/upload_files/dit/files/Plan_Report_on_Cyber_Security.pdf.
(visited on Feb 1, 2017).

111 | P a g e
Chapter-5 Legal Dimension of Cyber Security: International and National Perspective

and security sellers, security and law implementation offices, the scholarly world, and
media, NGOs and digital client network.

Completing intermittent cyber security mock drills to evaluate the readiness of basic
area associations to oppose digital assaults and improve the security system.

Supporting and encouraging fundamental exploration, innovation exhibition,


confirmation of idea and proving ground ventures in thrust areas of network
protection through supported tasks at perceived R&D organizations.

5.5 Indian Computer Emergency Response Team (CERT-In)

ity
According to section 2(ua) of the IT Act,2000 “Indian computer emergency response

rs
ve
team “means an agency established under sub section (I) of Section 70-B.68 The

ni
central government shall make arrangements for the establishment of central entity to

U
lim
serve as CERT-In. This will be a specialised body primarily to take care of the
protected system in the country.
us
M
h

The Central government shall employ an organization of the administration to be


ar
lig

known as the CERT -In. Consequently, the government of India established in 2004
A

the cyber security agency known as the CERT-In and further in 2014 framed certain
y,

rules for governance of cyber security. It shall be comprised of a director general of


ar
br

the agency and such other officers and employees as the government may prescribe.
Li

The salaries, allowances and terms and conditions of the office bearers and the staff of
d
za

the agency shall be prescribed by the government. The appointment of such agency
A
na

shall be notified by the government in the Official Gazette.


la
au

The CERT-In shall be the national agency for cyber security and will be answerable
M

for all measures including Research and Development relating to cyber security
threats like hacking and phishing. It strengthens security related defence of the
internet domain. The Indian Computer Emergency Response Team shall serve as the
national agency for performing the following functions in the area of Cyber Security:
 Collection, analysis and dissemination of information on cyber incidents.
 Forecast and alerts of cyber security incidents
 Emergency measures for handling cyber security incidents

68
Inserted by S.36 of the IT(Amendment) Act,2008 (10 of 2009)

112 | P a g e
Chapter-5 Legal Dimension of Cyber Security: International and National Perspective

 Coordination of cyber incidents response activates


 Issue guidelines, advisories, vulnerability notes and white papers relating to
information security practices, procedures, prevention, response and reporting
of cyber incidents.
 Such other functions relating to cyber security as may be prescribed.

Concluding Remark
There are various international organisations as well regional organisations and
institutions that are working ahead for the better protection of the cyber space and
save it from security attacks. They have articulated various mechanisms, formulate

ity
strategies to combat the newly technological cyber crimes. However, as per records,

rs
ve
there is increase in the number of reported of the cyber crimes, what to say of

ni
unreported. The existing law and policy in India does not arrested the problem in

U
lim
effective manner. India has increasing number of internet users therefore there is need
us
of effective and comprehensive cyber security protection law, policy as well as
M

strategies. The law and policy should be effectively implemented to avoid this ever
h
ar

increasing problem of cyber criminality.


lig
A
y,
ar
br
Li
d
za
A
na
la
au
M

113 | P a g e

You might also like