The changing nature of cyber threats and warfare has prompted India to build a roadmap to overhaul its existing cybersecurity policy with an eye on challenges like social media, securing critical data and the need for new laws.

Work on overhauling the cybersecurity 2013 policy has started amid the emerging scenario of increasing state-sponsored cyberattacks and organised cybercriminal groups.

While Prime Minister Narendra Modi, in his Independence Day 2020 speech, said that his government is aware of the threats arising from cyberspace and their potential impact to India’s society, economy and development, he also announced that India will soon have a new cybersecurity policy.

India Today has details of the skeletal framework of this new policy that is being planned. A key aspect of the policy is that security strategies are to be planned for short durations of not more than 5 years to ensure they are not outdated.

“India is going through a digital revolution. Keeping this in mind, a new cyber policy is on the cards,” Ravi Shankar Prasad, Minister for Information and Technology, told India Today.

“Soon, a coordinating committee will be in place that will have representatives from all stakeholder departments. Our effort is to put together a common platform for all cyber-related issues and challenges,” he added.

Cyber landscape: Threats and challenges

The National Cyber Security Strategy (2020) is aimed at securing business data, a critical information infrastructure that can impact national security and economy.

Earlier this year, the Narendra Modi government sought views on the new cyber policy based on emerging threats.

“New challenges include data protection/privacy, law enforcement in evolving cyberspace, access to data stored overseas, misuse of social media platforms, international cooperation on cybercrime and cyber terrorism, and so on,” the call for comments seeking views on the subject stated.

“Existing structures may need to be revamped or revitalised. Thus, a need exists for the formulation of a National Cyber Security Strategy 2020,” it added.

According to government data, in 5 years between 2013 and 2018, there was a massive spike in cybercrime cases and of Indian websites being hacked. The increased activity prompted a relook at the existing policy and structures.

From 5,693 cybercrime cases in 2013, the figure jumped to 27,248 in 2018.

Public-Private synergy

There is a need for public-private partnership for formulating policies and regulations. Creating a cybersecurity education programme for the private sector and common masses.

According to the blueprint being prepared, cybersecurity should be made compulsory for all critical sectors of Indian economy. Financial institutes should be brought under a legal framework and there should be punitive measures for any lapses.

There is also a view that all cyber forensic tools should be standardised across the spectrum.

“Enhancing capabilities against such aggressive cyber warfare needs synergy between public and private agencies as both are equally vulnerable,” says Alok Joshi a former chief of the Research and Analysis Wing (R&AW) who later headed the National Techincal Research Organisation (NTRO).

The recent cyberattack has targeted websites in hacking attempts across a spectrum, both private and government-related to information technology and banking.

Cyber law expert Pawan Duggal also feels cyber policy has had a holistic approach. “There is still no clarity on the standard operating procedures both in the public and private sector. Till now various stakeholders were dealing in silos and cybersecurity was a divided turf,” he said.

He said that a dedicated cyber law is also a must for this holistic approach.

For a national approach to deal with the challenges, the regional team of officers from across the country needs to be formed to deal with cybersecurity and social media. Specialised cyber units should be formed at state level comprising officers who have domain knowledge. These are some of the steps discussed in brainstorming sessions for a new strategy.

Eye on Social Media

As part of the information warfare, social media has become a key tool used by adversaries.

Sources say both China and Pakistan have spread misinformation on social media. This has been visible amid the ongoing India-China tussle in Ladakh at the Line of Actual Control over the last three months.

“Social media platforms have often been used for propaganda leading to public order problems,” says an official.

There is a need to tap motivated use of social media by vested interests in disturbing law and order for getting valuable leads.

Sources say it has also been decided that the Ministry of Home Affairs will regularly take up the issue with representatives of social media platforms.

Introduction of artificial intelligence to remove objectionable contents automatically from social media platforms is also being explored.

Legal reforms

Under consideration are also legislative changes to provide immunity for “cyber decoys” in law enforcement agencies as part of the new policy.

Legislative changes are required for law enforcement agencies especially for purposes of using mobile phone data as evidence, sources said.

The mechanism for identifying bogus international bank accounts are also needed without further delays.

Data bank of cybercrimes and criminals is also something that is being planned.

“Use of technology in intelligence generation and detection, data mining and analytics is required to preempt crimes. Police personnel should become members of social media groups for gaining access to valuable information. Dedicated teams are required to filter out matters of concern from social media and analyse them,” says a note on new ways to combat cyber threats.