PRADEEP D

20152021026

SECURITY ISSUES FACED IN TECHNOLOGY

AND CYBER SECURITY LAWS IN INDIA
In the last few years, cybercrime, such as phishing, identity theft, and
fraud, have skyrocketed. In the last year itself, India recorded a 16%
jump in the number of cyberattacks across the country. Cybercrime
penetration is likely to continue to intensify. This stresses the
importance of developing more effective and deterrent legal
frameworks as well as more strict laws to combat cybercrime. In the
given scenario, it becomes interesting and even necessary to follow the
existing cybersecurity laws in the country and analyze whether they
provide enough coverage against these crimes or not. So, let’s take a
detailed look at the existing cybersecurity laws in India and what
developments and improvements we can expect in the future.

Increasing Attacks on Cybersecurity System

Cybercrimes are currently ruling major newspaper headlines globally -
cnausing unanticipated damages across industries and individuals. The
predominant forms of cyber thefts include - data breach, identity theft,
financial theft, and internet time thefts, amongst others. Though
cybersecurity is advancing every day, hackers are also constantly
upping their game and finding ways to break into new systems. This
reinforces the need not only for better cybersecurity systems but
robust cyber laws as well. Further, to mitigate the cyber crimes and to
curb the efforts of the fraudsters, lawmakers need to be abreast of the
potential loopholes in the cybersecurity landscape and fix them in real-
time. Persistent efforts with constant vigil are crucial to controlling the
escalating risks nationwide.

Important Cyber Laws in India?

Information Technology Act, 2000

The Indian cyber laws are governed by the Information Technology Act,
penned down back in 2000. The principal impetus of this Act is to offer
reliable legal inclusiveness to eCommerce, facilitating registration of
real-time records with the Government. But with the cyber attackers
getting sneakier, topped by the human tendency to misuse technology,
a series of amendments followed. The ITA, enacted by the Parliament of
India, highlights the grievous punishments and penalties safeguarding
the e-governance, e-banking, and e-commerce sectors. Now, the scope
of ITA has been enhanced to encompass all the latest communication
devices.

The IT Act is the salient one, guiding the entire Indian legislation to
govern cyber crimes rigorously:

• Section 43 - Applicable to people who damage the computer

systems without permission from the owner. The owner can fully
claim compensation for the entire damage in such cases.
• Section 66 - Applicable in case a person is found to dishonestly or
fraudulently committing any act referred to in section 43. The
imprisonment term in such instances can mount up to three
years or a fine of up to Rs. 5 lakh.
• Section 66B - Incorporates the punishments for fraudulently
receiving stolen communication devices or computers, which
confirms a probable three years imprisonment. This term can
also be topped by Rs. 1 lakh fine, depending upon the severity.
• Section 66C - This section scrutinizes the identity thefts related to
imposter digital signatures, hacking passwords, or other
distinctive identification features. If proven guilty, imprisonment
of three years might also be backed by Rs.1 lakh fine.
 • Section 66 D - This section was inserted on-demand, focusing on
punishing cheaters doing impersonation using computer
resources.

Indian Penal Code (IPC) 1980

Identity thefts and associated cyber frauds are embodied in the

Indian Penal Code (IPC), 1860 - invoked along with the Information
Technology Act of 2000. The primary relevant section of the IPC
covers cyber frauds:

• Forgery (Section 464)

• Forgery pre-planned for cheating (Section 468)
• False documentation (Section 465)
• Presenting a forged document as genuine (Section 471)
• Reputation damage (Section 469)

Companies Act of 2013

The corporate stakeholders refer to the Companies Act of 2013 as the

legal obligation necessary for the refinement of daily operations. The
directives of this Act cements all the required techno-legal compliances,
putting the less compliant companies in a legal fix. The Companies Act
2013 vested powers in the hands of the SFIO (Serious Frauds
Investigation Office) to prosecute Indian companies and their directors.
Also, post the notification of the Companies Inspection, Investment,
and Inquiry Rules, 2014, SFIOs has become even more proactive and
stern in this regard. The legislature ensured that all the regulatory
compliances are well-covered, including cyber forensics, e-discovery,
and cybersecurity diligence. The Companies (Management and
Administration) Rules, 2014 prescribes strict guidelines confirming the
cybersecurity obligations and responsibilities upon the company
directors and leaders.
What are Some Issues with Modern-Day Cyber Laws in India?
Cyber Laws in India are governed by the Information Technology Act of
2000, which was last updated in 2008. And that was nearly a decade
ago. Unlike other laws which can be updated in their own time,
Cybersecurity Laws are obligated to keep up with the rapid changes in
the industry. In India, these laws haven't been updated in a long time.

To briefly state what are some of the weaknesses of the existing cyber
laws in India:

• All Social Networking Sites shall be subject to the IT Act and

should allocate a specialized team to respond to requests from
Law Enforcement Agencies (LEAs) as quickly as possible.
• In order to provide service to LEAs, all ISPs must keep records for
at least 180 days.
• Each district court should establish a special Cyber Court to hear
and issue orders in instances that cannot wait for the legal system
to catch up.
• Digital Evidence Authenticators should be required to certify
digital evidence. This will be accomplished by an autonomous
Bureau.
• Websites and services that operate in India should have their own
set of rules. This includes services with foreign roots that operate
in India.
• Indian residents' personal information should be stored on Indian
servers. (In the United States, this is known as HIPAA compliance)
• Payment Banks and Waller Services should be included within
the IT Act's tight requirements, which necessitate a 30-day
resolution period.
 SECURITY ISSUES

A) Computer Virus
The talk about “what are network security threats” always begins with the
computer virus. There are plenty of network security examples in the past to help
you understand the impact a powerful virus like the Trojan can have on
organizations and personal machines. A study revealed that more than 30 percent
of computers in traditional homes can be affected by malware, especially viruses.
These are uniquely designed pieces of code that get distributed via emails and pen
drives (or even hard disks). The virus is known for disabling features and stealing
data from the target machine
B) Rogue Security Software
The talk about the different types of network security threats will remain
incomplete without the rogue security software. These are software programs,
designed to mimic the role played by an antivirus solution. However, the actual
purpose of the rogue software is extremely different. These programs do more
harm than good. They are often advertised as software programs that can remove
viruses. Yet, the actual job accomplished by these pieces of software is to steal user
data, and even leave the machine in a much worse state than, to begin with.
Moreover, the rogue software doesn’t come for free. Most of the time, users need
to pay for these programs.

C) Trojan
As mentioned previously, the virus is one of the biggest network security threats
and solutions have surfaced for years to fight powerful virus programs. Trojan is a
famous virus that hides behind legitimate pieces of software. Many times, this virus
spreads via email that is sent from known people. It can be in the form of an
attachment that is immediately downloaded into your machine.

The moment a Trojan program enters into your machine, it runs along with the
other programs. This allows the virus to extract crucial pieces of information from
your system. The virus is known for hijacking the web camera, and even stealing
account information.

D) Adware and Spyware

Another commonly found form of network security risk would be adware and
spyware. By definition, the adware is considered as a piece of code that can
monitor your online behavior. Pop-ups and advertisements are personalized with
the data from the adware. However, it is strongly believed that adware has the
consent of the user before it collects any piece of information. The adware that
gets downloaded into your machine without your consent can be considered
malicious. On the other hand, spyware follows the same lines as adware. But, the
spyware is focused on stealing personal information like credit card numbers and
passwords.
E) Worms
What are network threats without the famous computer worms? There was a time
when every computer user daunted the presence of worms. These are malware
programs with the ability to spread from machine to machine. Also, these are
known for quick replication. Within a short span of time, the programs can infect
numerous computers.

The worm works by accessing the contacts stored in your machine. This could be
anything like a simple email address or a webpage. Fortunately, not all worms are
designed to result in trouble. These are smart programs that rely on the
vulnerabilities of the software to spread.

F) DDOS Attack
For many years, DOS and DDOS attacks have been recognized as active threats in
network security. These are errors that portray the impression of an overloaded
server. Many times, DDOS attacks surface when a group of people is awaiting
something interesting online. This could be anything like the launch of a product.
There have been occasions when famous search engines like Google have also
become victims of the DDOS attack. Few other terms used to identify such attacks
would be malicious traffic overload, denial of service, or the very famous DoS
Attack.

G) Phishing
Phishing is categorized as a form of social media engineering attacks. Fortunately,
some of the best network security software in the market can help your
organization steer clear from phishing attacks. The goal of these attacks is to fetch
your usernames, credit card numbers, and sensitive data like passwords. These
attacks are often framed in the form of text messages or emails. These messages
look and feel like legitimate requests.

They often trick the recipient into clicking a link or opening an attachment that can
install the malware in the computer of the recipient. Security Trails are a
great example of network security threat protection. These trails can help you
uncover many phishing domains.
H) Rootkit
Rootkit is often categorized under external network security threats. This is a
collection of tools that allow hackers to access computers and networks from
different origins. The tool allows the hacker to serve as the administrator of the
network or machine. This means they have the freedom and authorization to
perform a range of malicious operations.

The Rootkit tool is often accompanied by password hackers, keyloggers, and even
pieces of code to disable antivirus programs in the target machine. Just like many
other forms of modern network security threats, the Rootkits hide behind
legitimate pieces of software.

I) SQL Injection Attacks

Indeed, this is one of the most common network security threats in the industry.
Why? Most companies rely on database services like SQL to store their data. The
technology behind injection attacks has grown by leaps. Today, these threats are
extremely advanced, forcing companies to have multiple layers of security and
projection around their data. SQL Injection attacks are strong data-driven.

J) Man in the Middle Attacks

Finally, we have the Man in the Middle attacks. These are cyber security attacks
where the hacker listens to conversations made over the internet. Conversations
that are meant to be private become exposed because of this attack.