Tuesday, September 27, 2011

National Cyber Security Policy Of India

The recent cyber attacks upon India have proved once again that we need to pay more attention to cyber security in India. Cyber security in India is required not only to protect sensitive information stored in the computers of strategic Indian departments and ministries but also to safeguard the present and future critical infrastructure of India.

Not only critical infrastructure protection in India is needed but also critical ICT infrastructure protection in India (CIIP in India) is need of the hour. CIIP in India is an area that requires urgent attention of our policy makers. We must formulate a critical ICT infrastructure protection policy of India as soon as possible.

Similarly, cyberspace crisis management plan of India is also required to be formulated. We must formulate a national ICT crisis management plan of India. Further, Indian crisis management plan against cyber attacks and cyber terrorism must also be formulated.

All these, and many more, aspects must be made a part of the cyber security policy of India. A national cyber security policy of India must be formulated in this regard that is made implementable after a reasonable period. Issues like cyber warfare, cyber terrorism, cyber espionage, international cyber security cooperation, etc must be part of the same.

We need a clear and implementable cyber security strategy of India. The cyber security policy and strategy of India must be techno legal in nature that can take care of both technical and legal aspects of cyber security.

There is no second opinion that national security policy of India is required and cyber security is an essential and indispensable part of the same. The sooner we formulate and adopt the same the better it would be for the larger interests of India.

Monday, September 26, 2011

Cyber Attacks Are Affecting Indian Critical Infrastructure

These days information and communication technology (ICT) has become an indispensable part of our day to day life. Many critical infrastructures have now been connected with ICT in one form or another.

This is the reason why we need to ensure critical infrastructure protection in India and critical ICT infrastructure protection in India. We also need to strengthen the cyber security of India and the best way to do so is to formulate the national cyber security policy of India.

Cyber attacks and cyber threat are increasing against India. However, cyber security in India is not up to the mark and is ailing badly. There are many factors for the poor performance of Indian cyber security and lack of adequate expertise is one of them.

Whether it is strategic government department’s computers or critical infrastructure, all of them are under constant cyber attack risks. Take the example of the recent cyber security incidence that has affected the Indira Gandhi International Airport (IGIA) security systems.

Three months ago, a ‘technical snag’ had hit operations at the state-of-the-art T3 terminal at IGIA. It now turns out it was caused by a “malicious code” sent from a remote location to breach the security at the airport.

A hunt has been launched to nab the perpetrator with the CBI registering a case under the IT Act and IPC. Investigators say that the “malicious code” was in the form of “attack scripts”, which means a programme was written by an expert to exploit the system’s security weakness.

While the efforts of CBI is praiseworthy yet when it comes to timely and appropriate actions, CBI does not score well. For instance, the case of CBI’s website defacement has not been investigated in the manner it was required. Cyber crimes investigations in India need to be improved to make effective investigation and get desired results.

In the present case of IGIA as well the news of the cyber attack has come after three months and this has weakened the case to a great extent. We need timely detection and effective cyber crime investigation capabilities in India to deal with cyber attacks and cyber crimes. Indian government must conduct effective trainings and courses for cyber crimes investigations in India.

Coming to the present case, the check-in counters, transfers counters and boarding gates at the IGI are operated using the Common Use Passengers Processing System (CUPPS), maintained by Aeronautical Radio Incorporated (ARINC). The CUPPS operates on a common software-and-hardware platform that integrates all information such as an airline’s reservation system, the expected time of departure and the capacity at waiting lounges. The problem in CUPPS started at 2.30 am on June 29 due to which check-in counters of all airlines at T3 became non-operational.

“This forced the airlines to opt for manual check-in and as a result passengers had to wait. There are around 172 CUPPS counters and only a third were functioning online,” said an official. The investigation revealed that someone had hacked into the main server of the CUPPS and introduced a virus.

It took nearly 12 hours to restore the system. The CBI was also called in as officials suspected it was a security breach. “We found that there were serious security lapses,” said a CBI official.

The agency had also asked for details of records of CUPPS and staff handling the system. “Once we receive the details, it will be analysed to see if any official is involved. It appears that someone sitting at a remote location had operated the system. We have registered a case under the IT Act and other relevant section of the IPC,” added the CBI official.

Indian critical infrastructures are under strong cyber attacks and we need to take this seriously. In cyber crimes and cyber attacks cases taking months to investigate them means loosing the case. We have to develop real time cyber security capabilities in India to avoid such failures.

Sunday, September 25, 2011

E-Commerce Laws In India

Information and communication technology (ICT) has changed the way we make our commercial transactions. Even payments for such online dealings and transactions can be made through an online mode. One such commercial use of ICT is electronic commerce.

Electronic commerce in India (E-commerce in India) has slowly and steadily entered the Indian market. Toady from tickets booking to purchasing of good and services, everything happens in an online environment.

Of course, where commercial transactions occur, disputes and differences are bound to occur. To prevent and resolve these disputes we need norms, regulations and laws that are acceptable to all the stakeholders.

The e-commerce law of India is primarily incorporated in the information technology act, 2000 (IT Act 2000) that takes cares of legal obligations of both sellers and buyers of good and services in cyberspace.

The IT Act 2000 prescribes rules and norms for online contract formulation. The traditional concepts of offer, acceptance etc, as applicable under the contractual laws, have also been covered by the IT Act 2000. The only difference is that they have been customised as per the requirements of cyberspace.

However, e-commerce transactions and contracts also attract certain additional legal liabilities that e-commerce players in India are not very much aware. For instance, very few e-commerce players in India are aware that they are “intermediaries” within the meaning of IT Act 2000.

Further, other laws, including intellectual property laws, make these e-commerce players labile for civil and criminal actions. For instance, these e-commerce players can be held liable for online infringement of copyright in India of the copyright owners.

Similarly, if any person posts an offending material at the e-commerce site or otherwise deal with the e-commerce site in an illegal manner, the e-commerce site owner may find himself in trouble.

Cyber law due diligence in India is one aspect that all e-commerce site owners must frequently engage in. The present laws of India are stringent in nature and subsequently claiming ignorance of such laws would not make much difference.

Perry4Law and Perry4Law Techno Legal Base (PTLB) strongly recommend that before opening an e-commerce site or business, the owner of the same must consult a good techno legal law firm that can advice him upon all the possible and applicable aspect of e-commerce laws in India.

Indian Centre For ICT In Parliament

World over parliaments are becoming aware of the benefits of information and communication technology (ICT). India is also following the pursuit. However, the use of ICT by Indian parliament is very limited and traditional in nature.

For instance live telecasting of the proceedings of parliament, maintaining of websites by parliament, etc are some of the examples where ICT has been used by Indian parliament. However, Indian parliament has to cover a long gap before it can be safely called fully ICT compliant.

Parliament is a place where laws are made. If we combine technology with law, the requirement of parliament becomes techno legal in nature. This also means that we need research and training centers for parliament that are techno legal in nature.

At Perry4Law Techno Legal Base (PTLB) and Perry4Law Techno Legal ICT Training Centre (PTLITC) we have established the exclusive techno legal ICT research and training centre for parliament of India. This is the exclusive techno legal Indian centre for ICT in parliament. The centre intends to empower Indian parliament and parliaments of other jurisdictions in a techno legal manner.

PTLB and PTLITC have also started various techno legal e-learning courses, education, research and trainings for staff, employees, committees, committee members, members of parliament, etc. This includes techno legal courses and trainings for legislative drafting, legislative research, legislative education, public legal awareness trainings, etc.

We hope this initiative of PTLB and PTLITC would be beneficial for various stakeholders in general and Indian parliament and other parliaments in particular.

Friday, September 23, 2011

Online Commercial Arbitration In India

Arbitration is a cost effective and expeditious dispute resolution mechanism. A majority of commercial disputes are resolved through the mode of arbitration. International commercial arbitration has also become an emerging trend these days. Generally, an arbitration clause is incorporated in various contracts and commercial contracts that prescribe resolution of a future dispute through arbitration.

Traditional litigation is not a productive mechanism to resolve disputes as it is costly and time consuming in nature. Thus, there is a gradual shift from litigation to arbitration in commercial matters.

A new aspect has been added to commercial dispute resolution and commercial arbitration by the information and communication technology (ICT). ICT has introduced a novel dispute resolution mechanism known as online dispute resolution (ODR). Although ODR in India has still to keep a pace yet it has been used in developed countries for many purposes, especially for resolving cross border e-commerce disputes.

At Perry4Law Techno Legal Base (PTLB) we are not only providing training and courses on ODR but are also actively using the same for contractual and commercial disputes resolution in India. In fact, Perry4Law and PTLB have provided the exclusive technology dispute resolution policy of India and ODR policy of India so that ODR may gain popularity and a wider acceptance in India.

PTLB has supplemented its ODR initiatives with other techno legal initiatives. The chief among them are e-courts research and training centre, digital evidencing centre, cyber forensics centre, etc. We hope our initiatives and efforts would be beneficial for the growth of online commercial arbitration in India and world wide.

Wednesday, September 21, 2011

ICT Research And Training Centres In India

Information and communication technology (ICT) is a specialised field that requires good working knowledge and expertise. ICT covers many areas like ICT legal framework, cyber security, cyber forensics, e-learning, e-commerce, e-governance, electronic services delivery, digital preservation, etc.

Further, ICT is no more technological in nature these days. Today ICT has to take care of both technical as well as legal issues. For instance, fields like cyber law, cyber forensics, digital evidencing, video conferencing for judicial purposes, e-courts, etc are essentially techno legal in nature.

World over ICT research and training is in infancy stage. However, developed countries are better situated than developing countries like India in this regard. In order to compete and defeat these developed countries, India needs to establish good and effective techno legal ICT research and training institutions and centers.

At Perry4Law Techno Legal Base (PTLB) we have opened many techno legal ICT research, training and education centers. PTLB manages the exclusive techno legal research, education and training centers in the fields like cyber law, cyber security, cyber forensics, e-courts, digital evidencing, online dispute resolution (ODR), human rights protection in cyberspace, techno legal skills development, techno legal e-learning, etc.

Perry4Law Techno Legal ICT Training Centre (PTLITC) is providing highly specialised and domain expertise based techno legal research, education and trainings in India and world wide. PTLITC is also the exclusive techno legal ICT research and training institution of India and world wide.

PTLB/PTLITC provides all these and many more techno legal e-learning courses in India and world wide. A prototype of the techno legal e-learning courses of PTLB is available to have an idea about the basic level techno legal courses of PTLB (PDF).

Since this initiative of PTLB is an online initiative, students and professionals from any part of the world can get themselves enrolled. The application form (Doc) for getting enrolled to various courses of PTLB is also available online.

PTLB intends to widen its research, education and training activities and with the active use of e-learning and online learning methodologies, the same would be achieved very soon.

Sunday, September 18, 2011

ICT Training Institutes In India

Information and communication technology (ICT) has transformed the way we live in today’s environment. All aspects of our day to day life have ICT as an essential component. ICT has also transformed the way trainings are imparted for various professional courses.

These days training, education and courses are imparted in an online environment through e-learning method. Skills developments are also performed in an online environment. However, there is a shortage of good ICT training institutions in India.

Today employers and companies are not looking for just academic degrees or diplomas. In fact, they are looking for actual skills and practical knowledge. This makes a dominant majority of our educated young generation jobless.

The aim of any education must be to develop skills and expertise rather than imparting mere academic discourse. India must work in this direction and ICT training and education institutions must be encouraged.

At Perry4Law Techno Legal Base (PTLB) we are working in this crucial direction. PTLB manages the exclusive techno legal ICT training and education centre of India. PTLB also provides the exclusive techno legal e-learning in India and world wide.

Some of the courses and trainings offered by PTLB include cyber law, cyber security, cyber forensics, cyber crime investigation, cyber fraud investigation, etc. Besides areas like e-commerce, e-governance, e-courts, electronic delivery of services, Natgrid, CCTNS, etc are also covered. Interested individuals and organisations may contact PTLB in this regard for these trainings, courses and partnership offers.

Saturday, September 17, 2011

Legal E-Learning Courses In India

E-learning has changed the entire game of education providing in India. In a country like India, qualitative and timely education is very difficult to find. Universities, colleges and educational institutions of India are not only overcrowded but they are also following the traditional and old academic model.

This has sacrificed practical trainings and skills development in India to a greater extent. Skills development for technical education in India is especially in urgent need of rejuvenation. Online skills development in India through e-learning is a viable option to fill this gap that is costing us skilled workforce in India.

Legal e-learning in India has also witnessed a growing interest in India. At Perry4Law Techno Legal Base (PTLB) we provide exclusive techno legal e-learning education, courses, trainings, etc. Techno legal e-learning in India by PTLB has the unique advantage that it combines both technical as well as legal knowledge that very few in the world are doing.

Some of the courses where e-learning can play a conclusive role in India include cyber law, cyber security, cyber forensics, due diligence, intellectual property rights, digital evidence, e-courts, Natgrid, CCTNS, human rights in cyberspace, etc.

PTLB provides all these and many more techno legal e-learning courses in India and world wide. A prototype of the techno legal e-learning courses of PTLB is available to have an idea about the basic level techno legal courses of PTLB (PDF).

Since this initiative of PTLB is an online initiative, students and professionals from any part of the world can get themselves enrolled. The application form (Doc) for getting enrolled to various courses of PTLB is also available online.

Indian government must announce incentives and supports for private institutions that are providing valuable trainings and education through e-learning methodology. This is more so in the legal field where e-learning is almost non existent. We hope our initiatives would prove useful to all concerned.

Sunday, September 11, 2011

Electronic Warfare Would Be The Norm In Future

Electronic warfare is assuming the centre stage in the present day’s warfare. Signal intelligence (SIGINT) is often combined with electronic warfare to make it more effective. Incidences of use of technology for electronic warfare and SIGNIT are on rise.

For instance, approximately two years before, the Pentagon fixed a security breach that allowed insurgents to hack into data feeds from pilotless "drone" aircraft that provide real-time video of war zones.

Iraqi militants developed a mechanism to track the drones and attack them before they could have strike. They used commonly and cheaply available software named SkyGrabber to shoot down highly sophisticated US drones. SkyGrabber helped in capturing the drone feeds in order to neutralise the same.

This means, in this era of electronic warfare we have to apply common sense first before relying upon and procuring technology worth of millions.

In a recent example, a US military reconnaissance plane came under electronic attack from North Korea and had to make an emergency landing during a major military exercise in March.

The plane suffered disturbance to its GPS system due to jamming signals from the North's southwestern cities of Haeju and Kaesong as it was taking part in the annual US-South Korea drill. The incident was disclosed in a report that Seoul's defense ministry submitted to Ahn Kyu-baek of parliament's defense committee. Spokesmen for the defense ministry and US Forces Korea declined to comment.

Jamming signals, sent at intervals of five to 10 minutes on the afternoon of March 4, forced the plane to make an emergency landing 45 minutes after it took off. The signals also affected South Korean naval patrol boats and speedboats, as well as several civilian flights near Seoul's Gimpo area, according to the report.

Seoul mobile users also complained of bad connections, and the military reported GPS device malfunctions as the South and the US were staging the drill, which was harshly criticised by the North.

The Communist state has about 20 types of jamming devices, mostly imported from Russia, and has been developing a new device with a range of more than 62 miles (100 kilometers) near the heavily-fortified border.

Signal jamming is also used for blocking radars to perform their designated tasks. Further, signal jamming can also be used to jam mobile or wireless communications. In future, signal jamming may be used more severely and frequently.

Friday, September 9, 2011

Jeff Radebe Denies Regulation Of Blackberry’s Messenger Services In South Africa

Research in Motion’s (RIM) Blackberry Service is under fire and facing E-Surveillance Regulations in various Nations. Of course, this is a “gross lack of understanding” of Technology and a “futile exercise” to control the same.

India is one such Nations that believe that E-Surveillance is better than and a substitute of Cyber Security. India seems to be a country that believes that an Internet Kill Switch can be a solution to Cyber Threats. As a result it forced Blackberry to provide a framework that would allow Indian Intelligence Agencies to monitor contents on its Messenger Service. Thus, Blackberry’s Messenger Service is now an E-Surveillance tool in India.

However, we have seen “positive developments” as well. For instance, United Nations has declared that Right to Internet Connection a Human Right. Similarly, recently the Council of Europe’s drafted a Resolution on abuse of State Secrecy and National Security respecting the Civil Liberties. The latest to add to this list is the declaration by South Africa’s Justice Minister Jeff Radebe that South Africa has no plans to regulate Blackberry's encrypted message service BBM for the Cyber Security.

Jeff Radebe said that there were no plans at this stage to regulate the BBM service of Blackberry. His statement came after the Deputy Minister of Communication Obed Bapela recently called for such regulation.

"I have been assigned the portfolio of cyber-security and wish to invite specialists to assist us to determine whether we should regulate applications such as BBM within the context of cyber security," Bapela had said earlier.

The use of BBM in civil unrest in recent weeks in South Africa had raised fears that it could give rise to situations such as that experienced in Arab states.

With countries such as India and Saudi Arabia also recently having proposed regulation for the Blackberry service, legal experts here expressed concern about Bopela's suggestion. However, not only Bopela's viewpoint is right but also ideal as he is inviting the Cyber Security Experts to deliberate upon security related problem that Countries like India and Arab States never do.

Cyber Security problems can be solved only through a “Techno Legal Regime” and not through E-Surveillance and “Oppressive Methods” that India and Arab States are doing. India needs to develop Intelligence Gathering Skills and Cyber Skills to solve it s Cyber Security and National Security related problems.