Over the years, cyber threats as well as incidents of cyber crimes have grown exponentially. With a wanton disregard to borders, both physical and virtual, sophisticated criminals are exploiting the speed, convenience and anonymity of the Internet to execute a range of criminal activities that cause serious harm in India and elsewhere.
The 2014 National Crime Records Bureau (NCRB) Statistics Report registered a total of 9,322 cyber crime related incidents in 29 States and 300 such cases in seven Union Territories (UTs). These figures mark a 69.2 surge in States and 62.2 percent increase in seven UTs from the previous year. The bulk of cases have been registered under the Information Technology Act, Indian Penal Code (IPC) and Special & Local Laws (SLL) Cognizable Crimes. The cases have been registered under IPC sections 419, 420 and 509 for ‘financial gain' and 'insult to modesty of women' respectively.
The advent of Digital India and Smart City initiatives have brought about a paradigm shift in terms of connectivity, services and threats for both urban and rural eco-systems. While greater connectivity promises wider deliverables, it also paves the way for the emergence of new vulnerabilities. Indeed, smart cities need smarter policing, and better information sharing across states and with the central government. This challenge raises three related questions. First, how should the Indian Police Service prepare to address these cyber-related threats? How can policy formulation keep pace with a changing environment? Finally, how can we improve intra-state coordination on cyber issues?
Cyber crime in India
On May 20, 2016, the Indian Police Foundation, in collaboration with Observer Research Foundation (ORF) and Federation of Indian Chambers of Commerce & Industry (FICCI), organised a seminar on ‘Cyber Crime — strategic vision and an action plan for mitigation of threats from the cyber world’. The seminar comprised a host of dignitaries and experts from industry, government, think tanks, and civil society organisations. The discussion focused on the entire gamut of cyber issues (viz. cyber security, cyber threats, cyber terrorism, cyber law, and primarily cyber crime), while also addressing the specific challenges to the Indian Police Service.
The opening address of the panel focused on the importance of responding to the cybercrime, threats to internal security and mitigation strategy. The seminar began with an understanding that cyber security is not just an Indian concern, but also a global one. In his welcome address, Mr. N. Ramachandran, President of the Foundation, cautioned that mitigating new age threats requires the police service to 'see the writings on the wall’. During his introductory remarks, the Chairman of the Foundation, Mr. Prakash Singh, lamented that ‘while India is an IT power, New Delhi cannot claim to be a cyber power’. Growing vulnerabilities, absent coordination within government, and fragmented cyber security architecture collectively hinder India's development as a cyber power. Currently, cyber crimes in India fall under two different acts, the IT Act and the Indian Penal Code. These laws, however, are increasingly inadequate in the face of new threats. Moreover, the government needs to be adroit in managing technology, policy formulation and its implementation. Mr. Singh also stressed that New Delhi should engage with like-minded countries and get the ‘men from the open market to enhance the capability to deal with threats'.
The seminar was moderated by Mr. Raghu Raman, former CEO of NATGRID & Group President of Reliance Industries Ltd. He contended that cyber attacks, like Distributed Denial of Service (DDoS), are completely different from online radicalisation, since cyber criminals are able to subvert the content of networks to achieve their goals. This is an issue deserving the sustained attention and engagement of both policy makers and law enforcement officials.
The Deputy National Security Advisor (NSA) of India Dr. Arvind Gupta delivered the first key note address. He outlined some major cyber crime incidents such as the cyber attack on the Bangladesh Central Bank this year. Deputy NSA recommended that the Indian Police Service prioritise ‘training, intra-state coordination, international cooperation and capacity building’ in this area. The fundamental challenge for India was the lack of 'made in India' products, he said. In addition, he mentioned that India, as a net importer of technology and services, faces international legal constrains in obtaining information in real time since online data and servers are located outside India.
Dr. Gulshan Rai, the National Cyber Security Coordinator of the Government of India, delivered the second keynote address. Starting with an example of a fake site, which sought to phish people's confidential information, Dr. Rai sought to bring home the nature of the threat to the seminar participants. These phishing sites are criminal in two ways: they impersonate legitimate sites to obtain revenue or confidential information, and infringe on intellectual property. The challenge dealing with these sites is that they are hosted outside of India and the motives of perpetrators remain unclear. Turning to consider developments outside of India, Dr. Rai shared that the December 2015 cyber attacks on Ukraine were the most sophisticated form of attacks since Stuxnet. The actors behind such attacks could be either state proxies or non-state actors. The challenge for India, he noted, was creating a central agency to tackle these issues. Fortunately, the Ministry of Home Affairs (MHA) is interested in setting up a cyber crime cell in India. Dr. Rai concluded with a call for the creation of a National Cyber Crime Coordination Centre.
Dr. Muktesh Chander, Director General of Police (Goa), addressed the threats to internal security from the cyber world in the third keynote speech. Sharing about the multiple cyber threats India faces, Dr. Chander recommended the acceleration of efforts to enhance cyber capabilities for Digital India. He revealed that Computer Emergency Response Teams-In (CERT-In) handled 13,0338 cases related to cyber attack in 2014. In addition, 77, 28,408 bot-infected systems were tracked in India and 25,037 Indian websites were defaced in 2014. As per the Indian Information Technology Act, only an officer with the rank of inspector or above can investigate such cyber-related crimes. More disconcerting was the fact that 99 percent of reported incidents were cyber crimes and there remains a shortage of police personnel to investigate all these cases. Dr. Chander also stressed that India faces a growing number of cyber-related threats from its neighbourhood, particularly Pakistan and China. Vulnerabilities are present even in innocuous Smartphone applications such as ‘Torch, Angrybird, SmeshApp, WeChat’. He also reported that the incidence of social media and cyber ransom-ware in India was increasing. Against this backdrop, there is a need for better awareness and cyber security practices in governments, corporations and homes.
What followed were a series of panel discussions that expanded on the issues raised by the keynote speakers. The first panel focused on cyber crime threats and mitigation strategies. Dr. Anja Kovacs, Director of The Internet Democracy Project, underscored the need for greater cooperation between civil society organisations and the police. Such engagements would ensure greater acceptance from citizens especially as the Government of India seeks to maintain the right balance between security and civil liberties. Mr. Chandrasekhar, Group Director of Microsoft India's Government Affairs and Public Policy, reiterated the need for robust mechanisms of cooperation between the government and the private sector. Given the increasing dependence on the internet, Mr. Jiten Jain, CEO of India Infosec Consortium, called for greater investment in cyber security. Finally, Mr. Pawan Duggal, an Advocate of the Supreme Court of India, urged for the updating of existing legal frameworks to deal with crimes on ‘draknet’ mobile and social media platforms. This would require a review of electronic evidence rules and stronger capacity building.
The second panel tackled the issue of online radicalisation. Mr. Alok Joshi, Chairman of the National Technical Research Organisation, sized up the threat of ISIS by pointing out how the very concept of a caliphate has injected a transnational element to the movement. Mr. Ajai Sahni, Executive Director of the Institute for Conflict Management, highlighted the complexities of online radicalisation and shared about the structural deficits that impede effective government action. He however noted that the lower incidence of radicalisation in India arises from the fact that the subcultures, which are conducive for radicalisation, are fortunately not present here. Acknowledging the new threat of online radicalisation, Mr. P. C. Haldar, the former Director of the Intelligence Bureau and a member of the National Security Advisory Board, called for the creation of a protocol to manage the requirements of privacy and public safety.
The last panel discussion of the seminar dealt with the police response to cyber crime. Recognising the crucial question of legality and illegality, Mr. Ramanjit Chima, the Head of Google's Public Policy and Legal Team, reiterated the need for greater dialogue between the government and private sector. He added that the subsequent steps to prevent, prosecute and coordinate can only be taken when a legal framework has been established. Mr. Arun Mohan Sukumar, Head of ORF's Internet Governance Initiative, opined that the Government of India's position on cyber security required more clarity and coherence. India, as a net requester of online information, has had to work with the US Department of Justice (DOJ) since US laws prohibit direct sharing of information from social media companies to foreign governments. This process has proven challenging for India since the US DOJ has no incentive to facilitate this process.
Overall, India does not possess adequate institutional mechanisms as well as a coherent strategy to deal with cyber crime. This is evident from the fact that out of the 29 States and seven UTs, only 19 States and two UTs possess cyber crime cells. However, it is hoped that this conference would have raised greater awareness and spurred urgent action to remedy the cyber gaps at the state and national level.
With additional inputs by M. Koo, Researcher, Observer Research Foundation, New Delhi.
The views expressed above belong to the author(s). ORF research and analyses now available on Telegram! Click here to access our curated content — blogs, longforms and interviews.