Thursday, February 7, 2008

CRITICAL ICT INFRASTRUCTURE PROTECTION IN INDIA: NEED OF THE HOUR

In recent years, the frequency and sophistication of cyber security attacks on global Critical Information and Communication Technology (ICT) Infrastructure (Critical ICT Infrastructure) has greatly increased. Cyber-security experts have been warning of the vulnerability of Critical Infrastructure like Power, Energy, Transportation, Water Systems, etc to malicious hackers. Recently hackers have penetrated power systems in several regions outside the U.S. and in one case caused a power blackout affecting multiple cities. This shows the importance of a “Robust Cyber Security Mechanism” for Critical ICT Infrastructure. The Cyber Security Trends in India are not very encouraging.[1] To worsen the situation we have a weak Cyber Law in India.[2] Critical Infrastructure Protection in India must be taken seriously in the larger interest of Indian Citizens/Persons. Crisis and Risk Management by improving security systems integration, interconnectivity and interoperability would help India a lot.[3] The Power and Energy Sector of India must also take the cyber security risks seriously as their ignorance may bring disastrous results. The Government of India has still not shown its “E-Readiness” to accept this reality despite the suggestions and recommendations of Perry4Law and PTLB TM/SM in this regard. India also performed poorly as per the norms and standards of “UN E-Government Survey-2008”. This work is also an appeal to the Government of India to take “Cyber Security Seriously” in India. Cyber Security is witnessing many important phases and trends. From the perspective of mere “fun game” cyber crimes and contraventions have emerged as “professional activities” and have been transformed into a “profession” itself. No country of the world is safe from various cyber crimes and contraventions and all are struggling hard to tackle them. But the fact remains that law and its enforcement are lagging far behind than the standards and practices needed to effectively curb them. The Cyber Security in India is missing and we have a weak Cyber Law in India. We have to develop technologies and capabilities to protect Indian Citizens/Persons in areas such as transport, civil protection, energy, environment, health, etc. Additionally we have to increase the Security of infrastructures and utilities supporting areas such as ICT, transport, energy and services in the financial and administrative domain, etc. Critical Infrastructure Protection in India must be taken seriously in the larger interest of Indian Citizens/Persons. Crisis Management by improving security systems integration, interconnectivity and interoperability would help people of India a lot. The first step towards establishment of a safe and secure cyber space is enactment of a stringent cyber law. The cyber security initiatives are of no use in the absence of a strong, safe and effective law. Similarly, a strong law unsupported by ICT Security and Cyber Security would be impotent in effect. Thus, we need a “Good Combination” of cyber law and cyber security initiatives. Cyber Law in India is witnessing ups and downs of important dimensions. The journey from its origin to its development is not very smooth and conducive for the ICT oriented Indian society. Perry4Law and PTLB TM/SM have been raising these issues from considerable period of time. Though most of the recommendations given by them have been accepted by the Government of India, yet India has to cover a long distance. India must concentrate upon:

(a) Technology building blocks for creating, monitoring and managing secure, resilient and always available information infrastructures that link critical infrastructures,

(b) Risk assessment and contingency planning for interconnected transport or energy networks,

(c) Modelling and simulation for training of concerned officials and manpower,

(d) Optimised situational awareness through intelligent surveillance of interconnected transport or energy infrastructures,

(e) ICT support meeting crises occurring in critical infrastructures,

(f) Security issues with regard to the interaction of individuals with the digital world, etc.
In today’s electronic era, citizens and businesses expect and demand access to reliable, transparent and uninterrupted e-government services. The State must address the challenges associated with protecting confidential information on its systems while providing these groups with the required information. A reliable and uninterrupted e-governance base requires periodic vulnerability assessments. Perry4Law and PTLB TM/SM believe that if commercial and government organisations reevaluate their security, safety, and financial obligations to customers, shareholders, employees, and citizens, the importance of a properly implemented security vulnerability assessment is apparent. The duty of the State in this regard is not only absolute but is also unavoidable unless we ignore the important lesson that Estonia has learnt recently. Let us hope for the best in this regard in the Indian context.

© Praveen Dalal. All rights reserved with the author.
*Techno-Legal ICT, IPR and Cyber Security Specialist at
PTLB TM/SM
Managing Partner-Perry4Law (First Techno-Legal and ICT Law Firm, New Delhi, India).
LL.M, Ph.D (Cyber Forensics in India: A Techno-Legal Perspective).
Contact at:
perry4law@yahoo.com , pd37@rediffmail.com

[1] Praveen Dalal, “ Cyber Security Trends by PTLB”, http://reclaiming-india.blogspot.com/2007/12/cyber-security-trends-by-ptlb-2007.html

[2] Praveen Dalal, “ Cyber Security Trends by PTLB: Cyber Law in India”, http://reclaiming-india.blogspot.com/2007/10/cyber-security-trends-by-ptlb-cyber-law.html

[3] Praveen Dalal, “ Cyber Security Trends by PTLB: Cyber Terrorism and Risk Management”, http://www.bloggernews.net/111624