CYBER LAW

UNIT-4, NATIONAL CYBER SECURITY POLICY, 2013

SYNOPSIS
 Introduction
 National cyber security policy,2013
 Strategies
 Mission
 Objective/aim
 Cyber security and cyber terrorism

INTRODUCTION
The National Cyber Security Policy is a policy document drafted by the
Department of Electronics and Information Technology (DeitY) in 2013 aimed
at protecting the public and private infrastructure from cyber attacks.
The guideline also seeks to protect the personal information of internet users,
financial and banking information, and sovereign data.

NATIONAL CYBER SECURITY POLICY, 2013

The Government of India issued the National Cyber Security Policy (NCSP) in
2013, which included many tactics for countering cyber security threats.
The purpose of this policy is to provide individuals, companies, and the
government with a secure and dependable cyberspace. It also strives to monitor,
protect, and enhance cybersecurity defences.
Through a mix of institutional structures, procedures, technology, and
collaboration, this Policy intends to secure the information infrastructure in
cyberspace, decrease vulnerabilities, create capacities to avoid and respond to
cyber attacks, and limit damage from cyber events.

NATIONAL CYBER SECURITY POLICY MISSION

To protect information and information infrastructure in cyberspace.
To build capabilities to prevent and respond to cyber threats.
To reduce vulnerabilities and minimize damage from cyber incidents through a
combination of institutional structures, people, processes, technology and
cooperation.
NATIONAL CYBER SECURITY POLICY OBJECTIVES
 To build a safe cyber environment in the country, develop appropriate
trust and confidence in IT systems and cyberspace transactions, and so
increase IT adoption in all sectors of the economy.
 To provide information protection when in process, processing, storage,
and transport to preserve citizen data privacy and reduce economic losses
due to cybercrime or data theft.
 To improve law enforcement skills and allow successful cybercrime
prevention, investigation, and conviction by appropriate legislative
action.
 To raise awareness of the integrity of ICT goods and services by
developing infrastructure for testing and validating their security.
 To give firms financial incentives for adopting standard security
procedures and processes.
 Through a successful communication and promotion approach, a culture
of cyber security and privacy will be established, allowing responsible
user behaviour and activities.

STRATEGIES
National cyber security strategies (NCSSS) are the primary documents used by
national governments to establish strategic directives, goals, and specific actions
to reduce cyber security risk. This section describes the Main Components of
the National Cyber Security Strategy for a deeper understanding of cyber
security strategy
1. Strengthening the Regulatory Framework
To require frequent audits and evaluations of the sufficiency and effectiveness
of information infrastructure security by the regulatory framework.
2. Promotion of Research & Development in cyber security
Encourage R&D to generate cost-effective, tailor-made indigenous security
solutions that address a broader variety of cyber security concerns, with an eye
toward export markets.
To assist the transfer, dissemination, and commercialization of R&D outputs
into commercial goods and services for use in the public and private sectors.
3. Securing E-Governance services
To promote the use of Public Key Infrastructure (PKI) for trustworthy
communication and transactions throughout the government. To hire
information security specialists to help with e-Government projects and to
assure compliance with security best practices.
4. Encouraging Open Standards
To promote the adoption of open standards to improve interoperability and data
sharing among various goods or services.
To encourage the formation of a public-private partnership to increase the
availability of tested and certified IT solutions based on open standards.
5. Creating an assurance framework
Identify and categorise information infrastructure facilities and assets at the
entity level in terms of risk perception to implement appropriate security
protection measures.
To promote secure application procedures that adhere to global best standards.
6. Creating a secure cyber ecosystem
To guarantee that all firms set up a designated budget for developing cyber
security programmes and responding to cyber events.
To offer fiscal schemes and incentives to incentivize entities to establish,
enhance, and update cyber security-related information infrastructure.

CYBER SECURITY AND CYBER TERRORISM

 Cyber security is the practice of defending computers, servers, mobile
devices, electronic systems, networks, and data from malicious attacks.
 It's also known as information technology security or electronic
information security.
 The term applies in a variety of contexts, from business to mobile
computing, and can be divided into a few common categories.
1. Network security is the practice of securing a computer network from
intruders, whether targeted attackers or opportunistic malware.
2. Application security focuses on keeping software and devices free of
threats. A compromised application could provide access to the data its
designed to protect. Successful security begins in the design stage, well
before a program or device is deployed.
3. Information security protects the integrity and privacy of data, both in
storage and in transit.
4. Operational security includes the processes and decisions for handling
and protecting data assets.
Cyber Terrorism basically involves damaging large-scale computer networks to
achieve a loss of data and even loss of life. Hackers make use of computer
viruses, spyware, malware, ransomware, phishing, programming language
scripts, and other malicious software to achieve their purposes.
Also, these types of cyber-attacks which often lead to criminal offenses are
referred to as Cyber Terrorism. These cyber-attacks create panic and physical
damage to a large number of people.
Cyber Terrorism deals with creating damage to the people and their data using
computer networks intentionally in order to achieve their meaningful purpose.
Government Agencies like the FBI (Federal Bureau of Investigations) and the
CIA (Central Intelligence Agency) in the past have detected multiple cyber
attacks and cyber crimes through terrorist organizations.
The main purpose behind carrying out Cyber terrorism is to carry out some
cyberattack that makes a threat.
According to the FBI, a Cyber Terrorism attack is defined as a cybercrime that
may be used intentionally to cause harm to people on large scale using computer
programs and spyware.
A cyber terrorism attack is much more harmful than a normal cybercrime
because to intentional harm to the victims and it may not cause financial
damage to cause fear in society.
In most cases, the criminals target the banking industry, military power, nuclear
power plants, air traffic control, and water control sectors for making a cyber
terrorism attack for creating fear, critical infrastructure failure, or for political
advantage.