Thursday, January 5, 2012

Securing Critical National Infrastructure Of India From Cyber Attack

This is the updated version of my previous article on similar topic. Lots of changes have taken place since then and it is essential to incorporate those changes in this new piece of article.

The cyber security trends in India 2011 by Perry4Law Techno Legal Base (PTLB) indicate that cyber security in India is still ignored by various stakeholders. Whether it is banks or strategic computers of Indian government, all of them have proved to be vulnerable to cyber attacks.

Highly sophisticated malware like Duqu, Stuxnet, etc targeted India in the year 2011 and India is still investigating the Duqu malware. Indian nuclear facilities, automated power grids, satellites, defense networks, governmental informatics infrastructures, etc are vulnerable to sophisticated cyber attacks. It is still not clear whether Indian satellites are safe from cyber attacks.

The supervisory control and data acquisition (SCADA) systems may be the new cyber attack priority for cyber criminals and rouge nations. We must ensure sufficient cyber protection of SCADA systems in India in general and critical infrastructure in particular. In short, Indian defense and security against cyber warfare needs to be streamlines to meet the growing cyber attacks upon its critical infrastructures.

Although cyber security in India has started gaining attention of Indian government yet the cyber security initiatives of Indian government are still far from satisfactory. We do not have a cyber security policy in India that clearly stipulates the cyber security strategy of India.

Cyber security of India is also an essential part of national ICT policy and strategy of India. However, despite some very good suggestions by experts, India has not taken cyber security seriously. On the other hand, the International Community is focusing really hard to make cyber security an essential part of their day to day lives.

Internationally, it is an accepted fact that to ensure effective cyber security, there must be a coordinated and collaborative approach, metrics and assessment tools must be developed, an effective legal and policy framework for cyber security must be created and the human dimension of cyber security must be addressed.

Although there are numerous aspects of Cyber Security Policy of India yet Critical Infrastructure Protection in India and Critical ICT Infrastructure Protection in India are the most important aspects of the same, informs Praveen Dalal, leading techno legal expert of India and managing partner of New Delhi based techno legal law firm Perry4Law. The Critical National Infrastructure of India is under constant cyber attacks and India must urgently do something in this regard, informs Dalal.

Experts like Praveen Dalal also feel that India does not have strong and effective cyber laws to deal with issue pertaining to critical infrastructure. India is blind towards cyber law, cyber security and cyber forensics requirements. The IT Act, 2000 is a poorly drafted law and badly implemented legislation. It is weak and ineffective in dealing with growing cyber crimes in India as it is the most soft and cyber criminal friendly legislation of the world.

Thus, on all the fronts of policy, legal framework and effective cyber security initiatives, India has failed to give proper attention. In these circumstances, critical national infrastructures of India are at grave cyber security risks. They are vulnerable to cyber threats and cyber attacks. India must urgently do something in this regard as soon as possible.