The Mumbai terrorist attacks on 26/11 has been frequently referred to in India as the “9/11 of India”. In terms of the impact it has created in the country it is definitely a fair comparison.

However, what the Indian population has been wondering is whether our country can respond to this situation as strongly as US did after 9/11/2001 as a result of which no terrorist attack has occured in US since then. The intensity of the feelings prevailing in India has made every Citizen sit up and ask himself what he can do for the Country to stop the evil of terrorism.

It is in this context that Cyber Law College, a dedicated Cyber Law education center in India primarily operating as a Virtual institution thought it necessary to formulate a response of the Netizens to terrorism and more particularly to what is often referred to as “Cyber Terrorism” and arranged a Round Table Discussion on the subject of “Cyber Terrorism” at Bangalore on 6th December.

A small group of professionals committed to the cause met and exchanged their views and charted an action plan for further activities in contributing to the fight against “Cyber Terrorism”.

The Round Table discussed on four sets of issues namely the legal issues, IT industry issues, the measures which US took after 9/11 and actionable tasks that are required at present.

The group felt that though the proposed amendments to ITA 2000 is expected to include a section on “Cyber Terrorism”, it would be grossly insufficient and the Government of India (GOI) should not feel complacent that “Cyber Terrorism has been tackled”. It highlighted that apart from having an effective definition, operational issues such as the “Powers of the police” and “Admissibility of Evidence” needs to be further amended in favour of the law enforcement for offences classified as “Cyber Terrorism” as against offences classified as “Cyber Crime”.

Debating on the definition of “Cyber Terrorism” used by FBI and US National Infrastructure Protection Center, it was felt that both the definitions make it dependent on “Violence in physical space” and could be restricted to only those cases in which there is loss of human life or destruction of physical property. It was felt that these offences are already covered as “Terrorism” in the normal laws and if the definition of “Cyber Terrorism” has to make a difference, then it is essential to  expand the definition of “Violence” to include destruction of virtual property too.

It was also felt that Terrorist support activities on the Internet such as propaganda, rumour mongering, money laundering etc also need to be covered. It was also recognized that the US definition require “political” agenda where as “Religious” agenda of the perpetrators may not be adequately covered.

It was therefore felt that ITA 2000 should ensure that a restrictive definition of Cyber Terrorism should not be used.

On the industry front, it was discussed that the IS efforts presently adopted may not fully take into account the possibility of cyber terror attacks and the IS practices need to be refined to ensure that risks arising out of Cyber terror attacks are adequately mitigated.

It was felt that on the lines of the Department of Home Land Security, India should also set up a national agency to oversee all activities connected with the fight against Cyber Terrorism.

In particular the need for an “Indian PATRIOT Act” creating a comprehensive legislative framework was strongly felt necessary in India. Such an act was felt useful to enable “Counter intelligence measures” to be put on a proper legislative frame work. It was felt that individuals who often use their skills to carry out Cyber attacks in retaliation to web defacements should be put on guard that they may actually be indulging in “Cyber terrorism” as defined in victim countries.

It was indicated that Pakistan has recently passed a legislation which provides for  life imprisonment and also death penalty for Cyber Terrorist acts and our technologists need to be restrained from taking law into their own hands. On the other hand, the group urged that the GOI should introduce a mechanism by which services of ethical hackers are used by the Government for counter intelligence and where necessary counter attacks but under a strict control of a law enforcement agency.

The group also highlighted the need to bring the Netizens under the national security framework by creating suitable security awareness so that the presence of “botnets” are reduced and security breaches as are common in WiFi networks  are reduced substantially.

In order to follow up on various suggestions made during the discussion and to extend the reach of the group, it was decided to formally call the group as the “Indian National Cyber Security Forum” and reach out to other similar thinking individuals to contribute ideas on how Netizens can participate in the national cyber security plans. 

It was decided to have further meetings both in Bangalore and other places such as Chennai to take the discussions forward.It was agreed that the members will take up the recommendations to other fora and the Government for further processing so that significant improvements can be brought into the system of Cyber Security in India.

Naavi 

[P.S: This is a brief report on the first meeting of the National Cyber Security Forum held at Bangalore on December 6, 2008, an initiative of the Naavi’s Cyber Law College]

Be Sociable, Share!