Cyber Security: Laws & Regulating Bodies

Cyber Law is very important because it touches all aspects of transactions on the Internet. Cyber Law concerns each and every individual concerning the Internet. Fortunately or unfortunately, the human mind can be very ingenious once it decides to do something. In that regard, cyber criminals keep coming up with ingenious ways to perpetuate a crime. And, responsible citizens and legal and regulating bodies should also channelise developing effective legal and regulatory mechanisms and the IT world should continue to up the game on protection mechanisms and best practices.

Regarding Cyber Crime, the courts take cognizance of various kinds of frauds being committed. The victims can file for civil damages or wait for the culprits to be nabbed and be tried under various provisions.

Various Cyber Security Regulating Bodies in India

Some of the key cyber security regulating bodies in India are:

Computer Emergency Response Team (CERT-In)
National Critical Information Infrastructure Protection Center (NCIIPC)
Cyber Regulations Appellate Tribunal (CRAT)
Securities and Exchange Board (SEBI) of India
Insurance Regulatory and Development Authority (IRDAI)
Telecom Regulatory Authority of India (TRAI) & Department of Telecommunications (DoT)

Like any body or personnel, the nation also has some critical infrastructure, which when damaged can cause national security issues or cause severe handicap to the economy. So, all the assets of the nation are divided into critical infrastructure and non-critical infrastructure. Critical Information Infrastructure (CII) is defined by the Parliament as “facilities, systems or functions whose incapacity or destruction would cause a debilitating impact on national security, governance, economy and social well-being of a nation.”

Power and Energy Sector
Banking, Financial Services, and Insurance
Telecommunications & Information
All Government Industries
Strategic & Public Enterprises
Transportation

To protect this critical infrastructure, there is a body called National Critical Information Infrastructure Protection Center (NCIIPC) established in 2014 under the Section 70A of the IT act. This comes under the PMO directly.

To analyze any cybersecurity issues and cyberthreats and breaches on non-critical infrastructure, a main nodal body was established called Computer Emergency Response Team (CERT-In). This body is responsible to mitigate cyber risks, first response to cyber attacks, coordinate digital forensics, and recommend best practices and guidelines. This body comes under the Jurisdiction of Information Technology and according to the rules under this jurisdiction, all data centers, service providers, and intermediaries should report any cyber security incident within 6 hours.

In case of a cyber attack incident, the main examining body that is responsible to check all witnesses, verify facts and cyber evidence, ensure all electronic evidence is correct, and review final decisions of the court is the Cyber Regulations Appellate Tribunal (CRAT). This body comes under the Section 62 of IT Act 2000.

Some of the Common Protections against Cyber Attacks available are:

Section 65 – Tampering with Computer Source Documents

A person who intentionally conceals, destroys or alters any computer source code (such as programmes, computer commands, design and layout), when it is required to be maintained by law commits an offense and can be punished with 3 years’ imprisonment or a fine of 2 Lakhs INR or both

Section 66 – Using password of another person

If a person fraudulently uses the password, digital signature or other unique identification of another person, he/she can face imprisonment up to 3 years or/and a fine of 1 Lakh INR.

Section 66D – Cheating using computer resource

If a person fraudulently uses the password, digital signature or other unique identification of another person, he/she can face imprisonment up to 3 years or/and a fine of 1 Lakh INR.

If a person captures, transmits or publishes images of a person’s private parts without his/her consent or knowledge, the person is entitled to imprisonment up to 3 years of fine up to 2 Lakhs INR or both.

A person can face life imprisonment if he/she denies an authorized person the access to the computer resource or attempts to penetrate/access a computer resource without authorization, with an aim to threaten the unity, integrity, security or sovereignty of the nation. This is a non-bailable offense.

Section 67 – Cheating children

If a person captures, publishes or transmits images of a child in a sexually explicit act or induces anyone under the age of 18 into a sexual act, then the person can face imprisonment up to 7 years or fine up to 10 lakhs INR or both.

Section 69 – Sovereignty of the Country

If the government feels it necessary in the interest of sovereignty and integrity of India, it can intercept, monitor or decrypt any information generated, transmitted, received or stored in any computer resource. The power is subject to compliance of procedure. Under section 69A, the central government can also block any information from public access.

Section 43A – Data Protection at a Corporate Level

If a body corporate is negligent in implementing reasonable security practices which causes wrongful loss or gain to any person, such body corporate shall be liable to pay damages to the affection person.

Hope this post is useful to provide a basic understanding of cyber security setup within a country and the basic legal structure for protection, thank you.

In our Ethical Hacking classes, we provide full knowledge from computer networks to cryptography and steganography, and teach students about the best practices and best ways to avoid becoming targets to phishing and cybersecurity incidents.