On August 15, 2023, India celebrates its 77th Independence Day. The nation continues to grow at a remarkable rate, both economically and e-conomically. From banking to shopping, India's internet economy is booming. The e-economy of the country in 2030 will account for 12%-13% of the total GDP (up from 4%-5% today), according to a report by Google, Temasek, and Bain and Company.
What does this mean? More digital devices. More connectivity. More risks. And more cybersecurity laws. With the ever so dynamic nature of digital India, the government has taken several measures, in the form of cybersecurity policies and establishing regulatory bodies, to ensure that India is Swachh Bharat (Clean India) in the cyber front too. This blog will take you on a journey through the nation's evolution of cybersecurity policies and regulatory bodies.
For any institution to run smoothly, rules are necessary. With the increasing dependence of the country on the internet, the Government of India formulated numerous regulations to help run the digital space of the country efficiently. Next, we'll briefly explain the evolution of cybersecurity laws and policies in India.
Timeline of Indian cybersecurity policies and regulatory bodies (Click to enlarge)The first law that dealt with cybercrime and e-commerce in the country was the Information Technology Act of 2000. This act regulated digital networks in the country, legalized electronic transactions and digital signatures, and outlined penalty guidelines for crimes associated with computers.
The IT Act was amended in 2008 to define many cybercrimes, including cyber stalking, hacking, identity theft, and unauthorized access to computer systems. It provided more details about penalties and punishments for certain offenses to deter cybercriminals. It also specified penalties for messages sent with negative intention (such as causing danger, inconvenience, insult) through electronic devices. One major amendment in the act that raised concerns was the government's power to monitor, decrypt, and block electronic messages, if necessary.
The 2011 version of the Information Technology Act outlines the criteria to be followed by intermediaries such as online platforms, websites, and any other digital body that hosts, publishes, or shares online content. Four sets of rules: Security Practice Rules, Intermediary Guideline Rules, Cyber Cafe Rules, and Electronic Service Delivery Rules were introduced in this action under section 43A of Information Technology Rules, 2000. These regulations seek to establish a balance between preserving the right to free speech and limiting the use of online platforms for illegal purposes.
This policy aims to make electronic transactions, i.e. public and private digital infrastructure, safe from cyberattacks. It focuses on regulating digital space, developing skilled cybersecurity professionals, establishing regulatory bodies, and creating relationships with various global and national bodies.
National Cybersecurity Strategy report focuses on 21 areas that make India's cyberspace safe, trustworthy, dynamic, secure and adaptable. Some of the areas covered under this report are digitization of public services, supply chain security, small and medium businesses and state level cybersecurity.
With the exponential increase in the usage of social media and over-the-top platforms (OTT) or streaming services, the government passed a new set of rules under the IT Act of 2000. These rules mainly covered areas such as abuse of women and children online, and establish complaint mechanisms for OTT and social media users, regulations for online content creators and protection of online media consumers.
This government initiative was developed to educate citizens about cybercrime and to enhance competencies of CISOs and frontline IT officials. Launched by the Ministry of Electronics and Information Technology, this program is supported by training partners from Microsoft, IBM, Intel, and E&Y among others.
This bill emphasizes protecting personal information and establishes harsh penalties for noncompliance. According to this bill, personal data can be used for legal purposes alone (with the consent of the person) and data fiduciaries will need to make sure that data is safe, secure, accurate and deleted once the need is over. The freedom for people to seek information, make corrections, and have their complaints heard is one of the bill's other major features. It also sanctioned the creation of the Data Protection Board.
To ensure the implementation of the above laws and policies, the government has established many regulatory bodies. They ensure that the internet economy of the country is safe and working smoothly while adhering to cybersecurity regulations.
CERT-In was launched in 2004 under the Ministry of Electronics and Information Technology (MeitY). Its aim is to secure cyberspace in India by performing various functions like coordination in case of cybersecurity incidents; collection, analysis and reporting of these incidents as well as monitoring for cybersecurity breaches and implementation of the Cyber Crisis Management Plan (CCMP) across the entire country.
According to the IT Act of 2000, Critical Information Infrastructure (CII) is any "computer resource, the incapacitation or destruction of which, shall have a debilitating impact on national security, economy, public health or safety". NCIIPC is an organization created in 2014 by the government to protect CII. The NCIIPC has identified six critical sectors: Power and Energy, Banking, Financial Services and Insurance, Telecom, Transport, Government and Strategic and Public Enterprises.
CRAT was established under the IT Act of 2000 to arbitrate disputes associated with cybersecurity and electronic transactions. Like consumers have consumer courts, digital consumers have CRAT. It not only reviews appeals but also monitors the effectiveness of electronic transactions across the nation, fostering a safe e-commerce environment.
This government body was established to provide e-surveillance and threat analysis, meaning it monitors internet traffic to detect any malicious activities 24/7. It screens as well as gathers information shared across the networks and coordinates with multiple agencies, like CERT-In to facilitate cybersecurity in the country.
Launched as a government initiative in 2018 by Ministry of Home Affairs, the Indian Cybercrime Coordination Centre aims to be the one-stop destination for all things cybercrime. This is an open source platform wherein law enforcement agencies from across the world can share expertise and best practices in cybercrime investigations and digital forensics.
Cyber Swachta Kendra is a Botnet Cleaning and Malware Analysis Centre from CERT-In. The centre collaborates closely with internet service providers, the Department of Telecommunications, and others to detect botnets and create a safe online environment. In addition to detecting botnets, the centre can also notify, clean and secure communication channels of end users.
There are other policies and regulatory bodies that ensure India's digital space is safe. These include the Scheme for Cyber Crime Prevention for Women and Children (CCPWC), Know Your Customer (KYC), the Reserve Bank Act of India 2018, the Securities and Exchange Board of India (SEBI), the Insurance Regulatory and Development Authority (IRDAI), and the Telecom Regulatory Authority of India (TRAI).
As the number of homegrown startups and innovation hubs grows in India, the country is also taking steps to cultivate an atmosphere that promotes good cybersecurity and data privacy practices. The introduction of the DPDP in 2023 will be a game changer that propels the country towards more stringent mandates in the future.
As individual citizens, we have the power to improve India's digital landscape. This Independence Day, let us all pledge to be proactive and follow safe internet practices. Here are five things you can do to make the internet a safer place:
Instant messaging safety: Use end to end encrypted messaging apps to ensure that your data is private and safe.
No oversharing: Do not share your passwords, OTPs and other PII online.
Digital literacy: Keep yourself and those around you informed about cybersecurity practices and policies.
Internet safety software: Install antivirus and anti malware software to detect threats at early stages.
Authentication: Use two factor authentication to add an extra layer of safety to your online profiles.
This is represented as "INDIA". After all, the theme for this year's independence day is: "Nation first. Always first."
"Together we are stronger; together we are unbroken; together we can do anything. Together let us break the kill chain." — Jai Hind!
You will receive regular updates on the latest news on cybersecurity.
© 2021 Zoho Corporation Pvt. Ltd. All rights reserved.
