On 18th Oct 2021, while inaugurating the services of Techno-Para-Legal by Mayakshi, Lt Gen (Dr) Rajesh Pant, National Information Security Coordinator felt that there is a need of a Cyber Security Act.

The Information Technology Act 2000 came into being to enable e-commerce and meet India’s commitment to the United Nations. The primary objective was to enable and empower the user to make online transactions that can be recognised by the government and courts. Certain civil and criminal liabilities were introduced to strengthen the confidence in net-based transactions.

The world has moved on since the year 2000, and now information technology impacts every aspect of human life. The nation-states, non-state actors, Cyber terrorists, organised criminals to common mischiefs makers use the Internet-based applications along with the masses. The Information technology Act which is an enabler for the usage of the networks cannot effectively perform the act inhibitor for cyberspace. The involvement of technology has become so great that the Information Technology Act half-baked procedures are being used at par with Major Acts.

Being prevailed to be the first National Information Security Coordinator, I had reasonable insight and experience to share for the good of the nation. Let me share my vision as to how the Cyber Security Act of India should look like. It may far from perfect but probably a first step in the direction. Please share your thoughts in the comment box or write to me.

The Cyber Security Act of India

(only the core part)

Shades of Threats in Cyberspace

• Cyber war

• Cyber social invasion and PsyOps

• Cyber intelligence

• Cyber surveillance

• Cyber Espionage

• Cyber Terrorism

• Cyber Crime

• Cyber infraction

• Innocent errors

Financial Assurance Framework

• Electronic Financial transactions

• E-Commerce

• E-Contract (especially long life e-contracts viz-a-viz life limitation of electronic signature)

• Taxation

  • Physical products and Digital products

  • Transactions Within India

  • Purchases from outside India

  • Sale to outside India entity

• Foreign currency management in online transaction

• Virtual Currency, money laundering and taxation

• Virtual or mixed barter system

Electronic Signature Management

• Managing identification, authentication, accuracy and non-repudiation

• Indian Public Key Infrastructure

• International Public Key Infrastructure

• Organisational Key generation and management infrastructure

• Non-PKI based Electronic signature

• Technology management and technology roll-over

• Electronic signature of devices

• Quantum Key Distribution and cryptology

Standards, Audits, Certification and Accreditation

• International Organisation of Standards

• International Telecommunication Union

• Indian Standards

• National Accreditation Board

• Ministry of Electronics and Information Technology

• Auditing and Certification Framework

• Assurance mechanisms

Support, Sharing and Coordination

• Intra-government coordination

• Critical Infrastructure entities and organisations

• Intra-Sectoral ( Private as well as public)

• With International nations and entities

• Incident reports and periodic returns

• Warning and State of Readiness flag

Decryption and Interception

• Procedures

• Privacy safeguards

• Responsibility and Accountability

  • Citizens

  • Entities

  • Law Enforcement Agencies

  • Service Providers

National Cyber Security Structures

• Cyber Security Commission

• National Information Board

• Cyber Security Regulator

• Web of Certs/ Cyber Coordination Centres

• Department of Electronics and Information Technology

• National Cyber Defence Command

• National Technical Research Organisation

• National Information Infrastructure Protection Centre

• Intelligence Agencies

• Industry Confederations and organisations

• Law Enforcement Agencies

• Judiciary

• Cyber Forensic Labs

• Private Cyber Investigation

International Cooperation

• Inter nation-state investigation procedure

• International Cooperation and coordination for cyber security

• Digital Evidence management and presentation

• Extradition

• Investigation support agreements

Cyber Crime Control

• Computer as a source of crime

• Cyberspaces as a medium for crime

• Computer as a target of crime

• Crime committed by machines of their own

• Inducing for crime or suicide

• Organised cyber crime

• Cyber crime against children

• Consolidation of minor crimes into large crime

• Offender and victim both within Indian Territory but Cyber resources used are outside India

• Offender and victim both outside the Indian Territory but Cyber some resource used are within India

• Offender, victim and resources within India

Electronic Evidence management and investigation procedures

• Qualification and rating of cyber forensic experts, tools and software

• Search procedure for electronic evidence

• Procedure for the seizure of electronic evidence by investigating agency

  • By non-technical investigator

  • With help of Cyber Forensic experts

  • Urgency versus procedure ( where, when and how)

  • Procedure for search and seizures in cases of, Non-Cognizable offences and civil offences

  • Electronic evidence analysis and use of data analytics

  • Privacy, redaction, pseudo-anonymising and anonymising

  • Electronic evidences searched, seized or analysed by the person(s)/ entity(s) outside India.

Offences and infractions

• Civil offences

• Criminal offences

• Regulatory offences

• Disciplinary actions

Future Technologies and conversion of technologies

• Impact of Artificial Intelligence including machine learning

• Impact of convergence of technologies

• Quantum Computing

• Cyber intrusion/crime/war from open seas and space

• Cyber-attack on Space vehicles and satellites

Miscellaneous issues

• Rating Agencies

• Education, awareness and skill development

• Innovation management, Research & Development