CYBERSECURITY: ISSUES AND CHALLENGES

A Project submitted in partial fulfilment of the course CYBER LAW in 9th

SEMESTER during the Academic Year 2020-2021

SUBMITTED BY:
Sweta Kumari
Roll No. - 1658
B.B.A LL.B

SUBMITTED TO:
Mr. Kumar Gaurav
FACULTY OF “CYBER LAW”

OCTOBER, 2020

CHANAKYA NATIONAL LAW UNIVERSITY, NAYAYA NAGAR,

MEETHAPUR, PATNA-800001
 DECLARATION BY THE CANDIDATE

I hereby declare that the work reported in the B.B.A. LL.B (Hons.) Project Report entitled
“CYBERSECURITY: ISSUES AND CHALLENGES” submitted at Chanakya National Law
University; Patna is an authentic record of my work carried out under the supervision of Mr.
Kumar Gaurav. I have not submitted this work elsewhere for any other degree or diploma. I
am fully responsible for the contents of my Project Report.

(Signature of the Candidate)

SWETA KUMARI
Chanakya National Law University, Patna

i
 ACKNOWLEDGEMENT

“IF YOU WANT TO WALK FAST GO ALONE

IF YOU WANT TO WALK FAR GO TOGETHER”

A project is a joint endeavour which is to be accomplished with utmost compassion, diligence

and with support of all. Gratitude is a noble response of one’s soul to kindness or help
generously rendered by another and its acknowledgement is the duty and joyance. I am
overwhelmed in all humbleness and gratefulness to acknowledge from the bottom of my
heart to all those who have helped me to put these ideas, well above the level of simplicity
and into something concrete effectively and moreover on time.
This project would not have been completed without combined effort of my revered Cyber
Law teacher Mr. Kumar Gaurav whose support and guidance was the driving force to
successfully complete this project. I express my heartfelt gratitude to him. Thanks are also
due to my parents, family, siblings, my dear friends and all those who helped me in this
project in any way. Last but not the least; I would like to express my sincere gratitude to our
Cyber Law teacher for providing us with such a golden opportunity to showcase our talents.
Also this project was instrumental in making me know more about the Cyber security: Issues
and Challenges. This project played an important role in making me understand more about
Cyber security: Issues and Challenges in the Cyber Law. It was truly an endeavour which
enabled me to embark on a journey which redefined my intelligentsia, induced my mind to
discover the intricacies involved in the competency of the people in Cyber security: Issues
and Challenges.
Moreover, thanks to all those who helped me in any way be it words, presence,
Encouragement or blessings...

- SwetaKumari
- 9th Semester
- B.BA LL.B

ii
 TABLE OF CONTENTS

DECLARATION BY THE CANDIDATE.................................................................................i

ACKNOWLEDGEMENT.........................................................................................................ii

TABLE OF CONTENTS..........................................................................................................iii

AIMS AND OBJECTIVES......................................................................................................iii

RESEARCH QUESTION.........................................................................................................iv

HYPOTHESES.........................................................................................................................iv

RESEARCH METHODOLOGY..............................................................................................iv

SOURCES OF DATA................................................................................................................v

LIMITATIONS..........................................................................................................................v

INTRODUCTION......................................................................................................................1

MEANING, IMPORTANCE AND TYPES OF CYBERSECURITY......................................3

PRINCIPLES AND INCIDENTS OF CYBERSECURITY......................................................6

EMERGING ISSUES AND CHALLENGES OF CYBERSECURITY...................................9

NATIONAL CYBER SECURITY POLICY 2013..................................................................13

CONCLUSION & SUGGESTIONS........................................................................................15

BIBLIOGRAPHY....................................................................................................................18

iii
 AIMS AND OBJECTIVES

The Aims and Objectives of this project are:

 To know about the purpose and importance of Cyber Security.
 To study the emerging issues and challenges of Cyber Security faced by the
organisations.
 Gain greater knowledge about the topic concerned.

RESEARCH QUESTION

 What is Cyber Security?

 How to create a successful Cyber Security strategy?
 What are the emerging issues and challenges in Cyber Security?
 What are the objective of National Cyber Security Policy?

HYPOTHESES

 Digitization brings with it endless opportunities for innovation. It still has a long way
to go before becoming a fully secure ecosystem that is programmed to regulate and
control itself. Decision-makers should ensure that all systems in their company adhere
to the latest high-security standards.
 Employees must also be trained in basic cyber-security protocols too. This
is especially true of non-tech employees. For instance, everyone needs to know how
to identify a phishing email and how to quarantine it, while notifying the proper
authority, both internal and external.

iv
 RESEARCH METHODOLOGY

For this study, doctrinal research method was utilised. Various articles, e-articles, reports and
books from library were used extensively in framing all the data and figures in appropriate
form, essential for this study.
The method used in writing this research is primarily analytical.

SOURCES OF DATA

In order to complete the research study, the researcher will collect the material through
various primary and secondary sources of data.

PRIMARY SOURCES such as the occasional policy papers of the State, statutes,
commentaries, case-law, juristic opinions, policy formulations of various governmental
bodies, the reports published by governmental, non-governmental and international
organisations.

SECONDARY SOURCES reviewing the text books, existing literature on the area, the
views and perspectives of stake holders, policy makers and all other relevant sections of
the society which includes the efforts of charitable organizations, non-governmental
organizations and philanthropists.

LIMITATIONS

Since the researcher is a student of law, she has access to a limited area and knowledge.
The researcher having only a preliminary knowledge of the subject could understand the
problem clearly but was faced with constraints.

The researcher has limited time for the project. The historical need and background are
also necessary for having a bird’s eye view of the particular topic and it gets developed

v
only by effective and extended reading over a long period of time. The researcher has a
restricted access to information and sources for reasons beyond her control. But the
researcher will still attempt to take out the best possible work.

vi
 INTRODUCTION

Cyberspace comprises IT networks, computer resources, and all the fixed and mobile devices
connected to the global Internet. A nation’s cyberspace is part of the global cyberspace; it
cannot be isolated to define its boundaries since cyberspace is borderless. This is what makes
cyberspace unique. Unlike the physical world that is limited by geographical boundaries in
space—land, sea, river waters, and air—cyberspace can and is continuing to expand.
Increased Internet penetration is leading to growth of cyberspace, since its size is proportional
to the activities that are carried through it.
Nations are investing heavily in their ICT infrastructures with a view to providing higher
bandwidths, integrate national economies with the global marketplace, and to enable citizens
or “netizens” to access more and more e-services.
Given the security problems, there is increased emphasis on, and investment in, the security
of cyber infrastructure. Core Internet protocols are insecure, and an explosion of mobile
devices continues to be based on the same insecure systems. This is adding up to increased
usage of the Internet in more vulnerable cyberspace.
Protection of critical infrastructure operations has emerged as a major challenge. This is
because trillions of dollars move through the networks every day involving a broad range of
activities, including e-commerce, e-governance, travel, hospitality, health care, and general
communications. Electricity distribution, water distribution, and several other utility services
are based on ICT infrastructures. The defense sector relies heavily on electronic systems.
Critical infrastructure is largely owned and operated by the private sector. But is security only
the private sector’s responsibility? Does this mean that government has a lesser role? These
are some of the important cybersecurity issues that nations are grappling with. At an
organizational level, too, cybersecurity is not merely a technology issue, but a management
issue. This is grounded in enterprise risk management, which calls for an understanding of
the human, process, legal, network, and ICT security aspects.
It is obvious that multiple agencies are involved in securing ICT infrastructure. These include
private operators for their respective pieces of the infrastructure. Their efforts need to be
firmly coordinated through an integrated command-and-control entity, which should serve as
a unifying structure that is accountable for cybersecurity.
Roles and responsibilities of each of the parties need to be clearly defined. At the same time,
governments need to establish the appropriate policy and legal structures. Nations, such as

1|Page
the United States, have advocated for a market-based, voluntary approach to industry
cybersecurity as part of the National Strategy to Secure Cyberspace. But this has not worked
entirely, because security investments made by industry, as per their corporate needs, are not
found to be commensurate with the broader national interest. How will the additional private
investments be generated? Is there a case for government incentives, as part of an incentive
program to bridge the gap between those security investments already made and those
additional ones that are needed to secure critical infrastructure?
Several security surveys point to this need. They reveal a lack of adequate knowledge among
executives about security policy and incidents, the latest technological solutions, data
leakage, financial loss, and the training that is needed for their employees.
Since cyberspace is relatively new, legal concepts for “standards of care” do not exist. Is
there a case for governments to offer incentives to generate collective action? For example,
they could provide reduced liability or tax incentives as a trade-off for improved security,
new regulatory requirements, and compliance mechanisms. Governments need to provide
incentives for industry to invest in security at a level that is not justified by corporate business
plans.

2|Page
 MEANING, IMPORTANCE AND TYPES OF CYBERSECURITY

Cyber Security refers to the technologies, processes and practices designed to protect

networks, devices, app and data from any kind of cyber-attacks. Cyber security may also
known as information technology (IT) security.
Cyber Security is all about protecting your devices and network from unauthorized access or
modification. The Internet is not only the chief source of information, but it is also a medium
through which people do business.
Cybersecurity Definition:
Today, people use the Internet to advertise and sell products in various forms, communicate
with their customers and retailers, and perform financial transactions. Due to this, hackers
and cybercriminals use the internet as a tool to spread malware and carry out cyber attacks.
Cybersecurity aims to protect the computers, networks, and software programs from such
cyber attacks. Most of these digital attacks are aimed at accessing, altering, or deleting
sensitive information; extorting money from victims; or interrupting normal business
operations.1
Types of Cybersecurity
Cyber Security is classified into the following types:
 Information Security
Information security aims to protect the users' private information from unauthorized access,
identity theft. It protects the privacy of data and hardware that handle, store and transmit that
data. Examples of Information security include User Authentication and Cryptography.
 Network Security
Network security aims to protect the usability, integrity, and safety of a network, associated
components, and data shared over the network. When a network is secured, potential threats
gets blocked from entering or spreading on that network. Examples of Network
Security includes Antivirus and Antispyware programs, Firewall that block unauthorized
access to a network and VPNs (Virtual Private Networks) used for secure remote access.
 Application Security
Application security aims to protect software applications from vulnerabilities that occur due
to the flaws in application design, development, installation, upgrade or maintenance phases.
 Operational security 

1
AnirudhRastogi, Cyber Law, Lexis Nexis, 2014

3|Page
This includes the processes and decisions for handling and protecting data assets. The
permissions users have when accessing a network and the procedures that determine how and
where data may be stored or shared all fall under this umbrella.2
 Disaster recovery and business continuity 
Disaster recovery and business continuity define how an organization responds to a cyber-
security incident or any other event that causes the loss of operations or data. Disaster
recovery policies dictate how the organization restores its operations and information to
return to the same operating capacity as before the event. Business continuity is the plan the
organization falls back on while trying to operate without certain resources.
 End-user education 
This addresses the most unpredictable cyber-security factor: people. Anyone can accidentally
introduce a virus to an otherwise secure system by failing to follow good security practices.
Teaching users to delete suspicious email attachments, not plug in unidentified USB drives,
and various other important lessons is vital for the security of any organization.3

Why is Cybersecurity Important?

The infamous cyber attacks such as the GoldenEye and WannaCryransomware attacks have
crippled several organizations and forced many to shut down their operations. In the wake of
these sophisticated cyber attacks and security breaches, cybersecurity has taken the spotlight
among organizations of all sizes.
New variants.New tactics. Cyber threats continue to evolve. Not only have we seen an
increase in cyber attacks on businesses and individuals, but the level of sophistication in
those cyber attacks have also increased, as well.4
In the years to come, there will be even more advanced cyber attacks using new technologies,
victims, and intentions. There will be a dramatic rise in the availability of Ransomware-as-a-
Service and Malware-as-a-Service on the dark web. It will allow anyone, no matter their
technical knowledge, to easily and quickly initiate a cyber attack.
Nevertheless, owing to the extent of damages caused by cyber attacks in the past, now there
is a much greater awareness about the cyber attacks and the need for better

2
https://www.toptal.com/finance/finance-directors/cyber-security
3
Hemavathy (2010), “Emerging Cyber Threats and Counter Measures for Protecting Defense Network”
Proceedings from Conference on Cyber Security, “Emerging Cyber Threats & Challenges, (2010)” CII,
Confederation of Indian Industry, Chennai
4
Ibid.

4|Page
cybersecuritymeasure among organizations of all types. This will serve as a motivation for
cybercriminals to up their game by staging new and more sophisticated attacks in the future.5
Wide-ranging security vulnerabilities, faster and more sophisticated cyber attacks are all
making it extremely difficult for security experts to prevent those threats. Thus, there should
be a proper cybersecurity plan in place to prevent cyber attacks from causing any damage.
The ComodoCybersecurity is a global innovator of cybersecurity solutions, offering unique
cybersecurity solutions that cater to the need of organizations of all sizes.
ComodoCybersecurity provides complete end-to-end security solutions. Our solutions offer
360-degree protection across the boundary, internal network, and endpoint against even the
most advanced malware threats, both known and unknown.

5
https://blog.logsign.com/cyber-security-issues-and-challenges-in-2019/

5|Page
 PRINCIPLES AND INCIDENTS OF CYBERSECURITY

The principles or the steps to cybersecurity are for enterprises and businesses that are looking
to protect themselves from the attacks in cyberspace. It’s a 10 steps guidance which was
originally produced by NCSC (National Cyber Security Center).

1. Risk Management Regime

A risk management regime should be set up which mainly consists of applicable policies and
practices that must be established, streamlined and should effectively be communicated to all
the employees, contractors and suppliers to assure that everyone is aware of the approach,
e.g., how decisions are made, about risk boundaries, etc.
The risk management regime should be supported by governance structure which should be
strong enough and should constitute a board of members and senior members with expertise
in a given area.6
2. Secure Configuration
Establish policies that would secure the organization’s security perimeter, a secure baseline
and processes should be developed for ensuring configuration management. One must also
disable or remove unnecessary functionality from the system which always lies at the high
end of security breaching. All the software and systems should be regularly patched to fix
loopholes that lead to a security breach. Failing to any of the mentioned strategies might lead
to an increased risk of compromise of systems and information.
3. Network Security

6
https://www.cyber.gov.au/acsc/view-all-content/guidance/cyber-security-principles

6|Page
connecting to an unsecured network, for an instance – HTTP, over the internet, poses a big
risk of getting your systems to be attacked or infected by bugs that lie at the other end. So
policies and appropriate architectural and technical responses must be established which will
serve as a baseline for networking. It will ensure the inbound and outbound networking rules
that must be implemented to secure your network perimeter. E.g., the inbound connections
(outside to inside) should first face the network firewall and should be filtered for threats and
then finally should be passed to the destination system. By implementing these policies, any
organization can reduce the chances of becoming a victim of cyber-attack. Furthermore,
SIEM (security information and event management) solution should further be implemented;
SOC centers should be established to use the technologies to effectively monitor your
network.7
4. Managing User Privileges
All the users should be provided with reasonable (and minimal) access privileges that would
allow them to just go fine with their work. If users are granted more access than they need, it
will be misuse and a much bigger risk to information security. Also, the granting of highly
elevated privileges should be very carefully controlled and managed.
5. User Education and Awareness
End users and organization’s people play a vital role in keeping an organization safe and
secure. If end-users are not aware of the policies, risk management regime that has been set
and defined by the organization, these policies will fail its purpose. End-users must be
provided with security awareness training and regular training should be conducted to ensure
the users are aware of the organization’s policies and threats that may lead to security
breaches. On the other hand, the cybersecurity professionals of the organization should be
highly trained and should be ready to combat mode at any point in time if any breaches
happen.8
6. Incident Management
A SIEM solution will always create security-related incidents to you. An organization should
establish effective incident management policies to support the business and ensure security
throughout the organization and at all the endpoints, endpoints at rest (Like desktop) as well
as endpoints in motion (Like laptops, Mobile Phones, etc.).
7. Malware Prevention

7
https://www.cyber.gov.au/acsc/view-all-content/guidance/cyber-security-principles
8
Ibid.

7|Page
It requires the establishment of policies that directly address the business processes that are at
the forefront of getting infected by malware such as email, web, personal devices, USB. E.g.,
a policy should be established which will restrict USB access to computers, similarly, other
policy may restrict outbound internet request, etc., all depending upon situations and needs.
Separate expertise solutions should be implemented to protect each forefront
from malware such as email threat protection for emails, network analyzer like IDS, IPS and
firewalls for networking and any web requests, managing profiles to monitor organization
data at the end user’s mobile, etc. The endpoints should be very effectively protected by
implementing anti-virus solutions that can detect, prevent and remediate malware from
endpoints.
8. Monitoring
A monitoring strategy and solution should be created in order with the help of which an
organization will have complete visibility of the security posture. It is also be used to create
another layer of security when security breaches are passed by our detection and prevention
system but the monitoring solution detects it and creates a security incident. E.g. you
endpoint solution was able to detect the malware but it was unable to block or delete that
malware, in that case, the monitoring solution will create a security incident. The solution
will monitor all the inbound and outbound traffic and will integrate with logs from the
firewall, endpoints, NIPS, NIDS, HIPS, HIDS, and other solutions.9
9. Removable Media Controls
Every organization must define its removable media policies and should restrict the use of
removable media as much as possible. If there are cases where their use is unavoidable, the
policy should limit the types of media that can be used and the types of information that can
be shared.
10. Home and Mobile Networking
When users are at home or mobile, they are no longer connecting to the company’s LAN or
WAN. This poses a network risk where organizations do not have control over the internet.
So risk-based policies that support mobile and home working should be established. The
company can also choose to manage the user’s profile on mobile and have control of their
data that is stored on mobile or Home computer.

9
https://www.educba.com/cyber-security-principles/

8|Page
 EMERGING ISSUES AND CHALLENGES OF CYBERSECURITY

In today’s inter-connected world, technologies underpin almost every facet of our society.
Thus, cybersecurity becomes increasingly important, and the challenge lies in dealing with
wide-ranging cyber threats in nearly real-time conditions. The capability to detect, analyze,
and defend against such threats in near real-time terms is not possible without threat
intelligence, data analysis, modeling techniques.
Cyberspace comprises IT networks, computer resources, and all the fixed and mobile devices
connected to the global network. A nation’s cyberspace is part of the worldwide cyberspace;
it cannot be isolated to define its boundaries since cyberspace is borderless. This aspect
makes cyberspace unique and challenging to solve. Unlike the physical world that is limited
by geographical boundaries in space, land, sea, river waters, and air, cyberspace is continuing
to expand. Increased Internet penetration is leading to the growth of cyberspace since its size
is proportional to the activities that are carried through it.10
The pace of change in cybersecurity is quickening as technologies like 5G and artificial
intelligence enable new services, products and modes of communication. 
Most medium and large organisations are coming to terms with the fact that a cyber security
incident is not a factor of ‘if’, but rather ‘when’, however, many operations are still struggling
to translate this into the right security architecture, training and mindset. 
Though varied in their uses, from consumer goods and smart cities to the Industrial Internet
of Things (IoT) and in their level of maturity, nearly all are defined by growing connectivity
and the risks and opportunities this brings. 
Inter-connectivity is one trend from 2019 that will help define 2020. By analyzing it along
with other macro trends spotted in the previous year, we can make the following 2020
cybersecurity predictions with at least some degree of confidence.

Cybersecurity will remain an important topic and on top of the priority list for every
enterprise as it encounters massive amounts of data that are created every single day. 
Cybersecurity is still a significant issue in the minds of every business leader. 

Issues in Cybersecurity are as follows:

10
Mugil, Raja, Mathiyazhagan, Chandrashekhar (2010), “Phishing Ruse over Security Network” Proceedings
from Conference on Cyber Security, “Emerging Cyber Threats & Challenges, (2010)” CII, Confederation of
Indian Industry, Chennai

9|Page
  Cybersecurity Improvements

One of the cybersecurity trends to look out for is the constant need to see the ongoing
development in the relevant regulations concerning cybersecurity.  The dynamic and
rapidly moving nature of cybersecurity becomes a significant regulation that is far too
slow to be considered as a benefit and might restrict the security by building a culture
of compliance with rules and a false sense of security against enemies that are agile,
motivated, and smart.

  Data Theft
The enterprises can expect to come across attackers with changing methodology from
pure data theft and website hacking to attacking data integrity itself. Such attacks,
with an outspoken theft of data, will cause long-term, reputational damage to people
or groups by getting people to question the integrity of their data. Some firms are
already making use of AI to sort and check the integrity of data more efficiently.

 Attackers
Hackers might also appear more organised and commercialised. Furthermore, they
might have their call centers like the ones, which were already witnessed with fake
dating sites. They might find a platform for themselves, where cybercrime is rarely
regarded as a crime, and thereby putting themselves outside their victims' police
powers. 

 Looking Ahead
It’s important that these predictions, which stem from known trends, are acted on as
quickly and effectively as possible.  Doing so will ensure that the promise of next-
generation technology is not derailed, but rather the beginning of a transformative
decade to come.

Challenges in cybersecurity are as follows:

1. Designing secure cyberspace: Experts often say that adequate security needs to be an
integral part of ICT design. Developers have traditionally focused more on features

10 | P a g e
 than safety for economic reasons. Also, many future security needs cannot be
predicted, posing a difficult challenge for designing secure cyberspace. As a result,
our physical-world mental models won’t work in cyberspace. For example, in the
physical world, we assign government the task of border security. But given the
nature of cyberspace, everyone’s network is at the border. In the physical world,
crime is local. You have to be at a location to steal an object, so police have
jurisdictions based on physical boundaries. But in cyberspace you can be anywhere
and carry out the action, so local police jurisdictions don’t work very well. Therefore,
designing a secure cyberspace is a huge challenge.
2. Needed clarity in ownership and responsibility in cybersecurity: Critical
infrastructure is mostly owned and operated by the private sector. But security is not
the private sector’s responsibility. The government also has a vital role to play in the
governance of cyberspace in the civil-sector. These are some of the critical
cybersecurity issues that nations are grappling with. At an organizational level, too,
cybersecurity is not merely a technology issue, but a management issue. It is
grounded in enterprise risk management, which calls for an understanding of the
human, process, legal, network, and ICT security aspect. Roles and responsibilities of
each of the parties need to be clearly defined. At the same time, governments need to
establish appropriate policy and legal structures.
3. An incentive to secure the cyberspace: The structure of economic incentives for
cybersecurity has been called distorted or even perverse. Cybercrime is regarded as
cheap, profitable, and comparatively safe for the criminals. In contrast, cybersecurity
can be expensive, is by its nature imperfect, and the economic returns on investments
are often unsure. Therefore, the challenge here is to reverse this figure to favour
cybersecurity and stakeholders that intend to do so.
4. Building common consensus: Cybersecurity means different things to different
stakeholders, often with little universal agreement on meaning, implementation, and
risks. Substantial cultural impediments to consensus also exist, not only between
sectors but within sectors and even within organizations. Traditional approaches to
security may be insufficient in the hyperconnected environment of cyberspace, but
consensus on alternatives has proven elusive.11

Hemavathy (2010), “Emerging Cyber Threats and Counter Measures for Protecting Defense Network”
11

Proceedings from Conference on Cyber Security, “Emerging Cyber Threats & Challenges, (2010)” CII,
Confederation of Indian Industry, Chennai

11 | P a g e
 5. Ever-changing nature of cybersecurity: Cyberspace operates according to different
rules than the physical world. The nodal nature of a light-speed network means that
concepts like distance, borders, and proximity all work differently, which has
profound implications for security. First, with range significantly reduced, threats can
come from anywhere and from any actor. Second, the borders in cyberspace don’t
follow the same lines we have imposed on the physical world. Instead, they are
marked by routers, firewalls, and other gateways. Proximity is a matter of who’s
connected along what paths, not their physical location.12
6. Legal and Policy Frameworks: Cyberspace is still very new from a legal and policy
point of view. In the modern form, the Internet and cyberspace have existed for only
about 25 years and have changed continuously over that period. Therefore, we have
not developed the comprehensive frameworks we need. Perhaps we should borrow
concepts from the disaster response world, and divide responsibility in a fluid manner
that adapts over time in response to changing circumstances. In disaster response,
preparedness and initial response reside at the local level. 13 If a given incident
overwhelms or threatens to overwhelm local responders, then steadily higher levels of
government can step in. But, if it becomes clear that a nation-state is involved, or even
if there is a mere suspicion that a nation-state is involved, then the national
government would start bringing its capabilities to bear.

12
R. Ganesan, (2010), “Emerging Cyber Security Trends for 2010”, Proceedings from Conference on Cyber
Security, ”Emerging Cyber Threats & Challenges, (2010)” CII, Confederation of Indian Industry, Chennai.
13
Hemavathy (2010), “Emerging Cyber Threats and Counter Measures for Protecting Defense Network”
Proceedings from Conference on Cyber Security, “Emerging Cyber Threats & Challenges, (2010)” CII,
Confederation of Indian Industry, Chennai

12 | P a g e
 NATIONAL CYBER SECURITY POLICY

The National Cyber Security Policy 2013 aims at (1) facilitating the creation of secure
computing environment (2) enabling adequate trust and confidence in electronic transactions
and (3) guiding stakeholders actions for the protection of cyberspace.
The National Cyber Security Policy document outlines a roadmap to create a framework for
comprehensive, collaborative and collective response to deal with the issue of cyber security
at all levels within the country14.
 The need to protect information
National Cyber Security Policy 2013 should be seen as about protecting of information, such
as personal information, financial/banking information, sovereign data etc.
 Information empowers, and in order to empower people with information, we need to
secure the information/data.
 There is a need to distinguish between data which can freely flow and data which
needs to be protected.
 The “National Cyber Security Policy” has been prepared in consultation with all
relevant stakeholders, user entities and public.
 This policy aims at facilitating the creation of secure computing environment and
enabling adequate trust and confidence in electronic transactions and also guiding
stakeholders actions for the protection of cyberspace.
 The National Cyber Security Policy document outlines a roadmap to create a
framework for comprehensive, collaborative and collective response to deal with the
issue of cyber security at all levels within the country.
 The policy recognises the need for objectives and strategies that need to be adopted
both at the national level as well as international level.
 The objectives and strategies outlined in the National Cyber Security Policy
 Articulate our concerns, understanding, priorities for action as well as directed efforts.
 Provide confidence and reasonable assurance to all stakeholders in the country
(Government, business, industry and the general public) and global community, about
the safety, resiliency and security of cyberspace.
 Adopt a suitable posturing that can signal our resolve to make determined efforts to
effectively monitor, deter and deal with cyber crime and cyber attacks.
14
https://www.clearias.com/national-cyber-security-policy-2013/

13 | P a g e
 Salient features of the National Cyber Security Policy 2013
 A vision and mission statement aimed at building a secure and resilience cyberspace
for citizens, businesses and Government.
 Enabling goals aimed at reducing national vulnerability to cyber attacks, preventing
cyber attacks & cyber crimes, minimising response & recovery time and effective
cybercrime investigation and prosecution.
 Focused actions at the level of Govt., public-private partnership arrangements, cyber
security related technology actions, protection of critical information infrastructure
and national alerts and advice mechanism, awareness & capacity building and
promoting information sharing and cooperation.
 Enhancing cooperation and coordination among all the stakeholder entities within the
country.
 Objectives and strategies in support of the National Cybersecurity vision and mission.
 Framework and initiatives that can be pursued at the Govt. level, sectoral levels as
well as in public-private partnership mode.
 Facilitating monitoring key trends at the national level such as trends in cyber security
compliance, cyber attacks, cyber crime and cyber infrastructure growth.
 A National and sectoral 24X7 mechanism has been envisaged to deal with cyber
threats through National Critical Information Infrastructure Protection Centre
(NCIIPC).
 A mechanism is proposed to be evolved for obtaining strategic information regarding
threats to information and communication technology (ICT) infrastructure, creating
scenarios of response, resolution and crisis management through effective predictive,
prevention, response and recovery action.

14 | P a g e
 CONCLUSION & SUGGESTIONS

Nations are investing heavily in their ICT infrastructures intending to provide higher
bandwidths, integrate national economies with the global marketplace, and to enable citizens
to access more e-services. Given the security problems, there is an increased emphasis on,
and investment in, the security of cyber infrastructure. Core Internet protocols are insecure,
and an explosion of mobile devices continues to be based on the same unstable systems. This
is adding up to increased usage of the Internet in more vulnerable cyberspace.
Cyberspace has been called the fastest evolving technology space in human history, both in
scale and properties. New and emerging features and applications — especially social media,
mobile computing, big data, cloud computing, artificial intelligence, and the Internet of
Things — further complicate the evolving threat environment.
In today’s digital age, cybersecurity has become increasingly critical for large corporations
and small startups alike. Today, the stakes are higher than ever, as “every company has
become a tech company.” Technology has become more than a supplement to a company’s
operations, and in many cases, the assets living on their network are their core operations.
This is compounded by the fact that hacks are becoming commonplace due to the rise of
mobile usage and internet of things, as well as the growing ecosystem of cybercriminals 15.
Cyber security is a vast topic that is becoming more important because the world is becoming
highly interconnected, with networks being used to carry out critical transactions. Cyber
crime continues to diverge down different paths with each New Year that passes and so does
the security of the information. The latest and disruptive technologies, along with the new
cyber tools and threats that come to light each day, are challenging organizations with not
only how they secure their infrastructure, but how they require new platforms and
intelligence to do so. There is no perfect solution for cyber crimes but we should try our level
best to minimize them in order to have a safe and secure future in cyber space.
Suggestions
 The challenges can be under surveillance and methodical steps can be taken to avoid
such malpractices. To solve data theft problem, online space must regulate the use of
data and clearly indicate when information will be shared provided by the users. The
user can then choose to opt out, leaving personal information restricted to the space

Update on Litigation Involving Facebook and Maximilian Schrems, Explanatory Memo, Data Protection
15

Commissioner,https://goo.gl/8eupnN

15 | P a g e
 for which it was deliberated. When software online contains bugs or viruses, it is
fairly easy for cyber criminals to gain personal information. Large technology firms
should collaborate and create solutions that to increase security for their customers.
Security controls need to move outward, beginning at the application level where such
frauds can be caught easily. When there are no unified monitoring methods, firms
become vulnerable.
 With cloud hovering our lives with all our data it is imperative to protect our cloud
space. With growing technology, the growth of cybercrime is evident but measure
taken early and effectively can avoid cyber mishaps both big and small.

 CYBER SECURITY TECHNIQUES

 Access control and password security
The concept of user name and password has been fundamental way of protecting our
information. This may be one of the first measures regarding cyber security.
 Authentication of data
The documents that we receive must always be authenticated be before downloading that is it
should be checked if it has originated from a trusted and a reliable source and that they are
not altered. Authenticating of these documents is usually done by the anti virus software
present in the devices. Thus a good anti virus software is also essential to protect the devices
from viruses.
 Malware scanners
This is software that usually scans all the files and documents present in the system for
malicious code or harmful viruses. Viruses, worms, and Trojan horses are examples of
malicious software that are often grouped together and referred to as malware.
 Firewalls
A firewall is a software program or piece of hardware that helps screen out hackers, viruses,
and worms that try to reach your computer over the Internet. All messages entering or leaving
the internet pass through the firewall present, which examines each message and blocks those
that do not meet the specified security criteria. Hence firewalls play an important role in
detecting the malware.
 Anti-virus software
Antivirus software is a computer program thatdetects, prevents, and takes action to disarm or

16 | P a g e
remove malicious software programs, such as viruses and worms. Most antivirus programs
include an auto-update feature that enables the program to download profiles of new viruses
so that it can check for the new viruses as soon as they are discovered. An anti virus software
is a must and basic necessity for every system.

 CYBER ETHICS
Cyber ethics are nothing but the code of the internet. When we practice these cyber ethics
there are good chances of us using the internet in a proper and safer way. The below are a few
of them:
 Internet is considered as world’s largest library with information on any topic in any
subject area, so using this information in a correct and legal way is always essential.
 Never try to send any kind of malware to other’s systems and make them corrupt.
 Never share your personal information to anyone as there is a good chance of others
misusing it and finally you would end up in a trouble.
 Always adhere to copyrighted information and download games or videos only if they
are permissible.
The above are a few cyber ethics one must follow while using the internet. We are always
thought proper rules from out very early stages the same here we apply in cyber space.

BIBLIOGRAPHY

 Books
1. AnirudhRastogi, Cyber Law, Lexis Nexis, 2014
2. B.G.Gupta (2010), “Security Convergence – Physical & Information” Proceedings
from Conference on Cyber Security, “Emerging Cyber Threats & Challenges, (2010)”
CII, Confederation of Indian Industry, Chennai.

17 | P a g e
 3. Hemavathy (2010), “Emerging Cyber Threats and Counter Measures for Protecting
Defense Network” Proceedings from Conference on Cyber Security, “Emerging
Cyber Threats & Challenges, (2010)” CII, Confederation of Indian Industry, Chennai
4. Mugil, Raja, Mathiyazhagan, Chandrashekhar (2010), “Phishing Ruse over Security
Network” Proceedings from Conference on Cyber Security, “Emerging Cyber Threats
& Challenges, (2010)” CII, Confederation of Indian Industry, Chennai
5. R. Ganesan, (2010), “Emerging Cyber Security Trends for 2010”, Proceedings from
Conference on Cyber Security, ”Emerging Cyber Threats & Challenges, (2010)” CII,
Confederation of Indian Industry, Chennai.
 Websites
1. https://www.toptal.com/finance/finance-directors/cyber-security
2. https://www.dsci.in/content/cyber-security-challenges
3. https://medium.com/@cyberpeacealliance/cybersecurity-issues-challenges-
ce6b5460061e
4. https://blog.logsign.com/cyber-security-issues-and-challenges-in-2019/
5. https://one.comodo.com/blog/cyber-security/what-is-cyber-
security.php#:~:text=Cybersecurity%20Definition%3A&text=Cybersecurity%20aims
%20to%20protect%20the,or%20interrupting%20normal%20business%20operations.
6. https://www.kaspersky.co.in/resource-center/definitions/what-is-cyber-security
7. https://www.educba.com/cyber-security-principles/
8. https://www.cyber.gov.au/acsc/view-all-content/guidance/cyber-security-principles

18 | P a g e