Tomorrows terrorist may be able to do more damage with a keyboard than with a bomb - National Research Council

Terrorism is spreading all over the world and it is the greatest threat in today's society, Cyber Terrorism is vast spreading. We live in a dangerous world where terrorism gone beyond the Bodily injury It's dangerous and spreading threat to virtual reality.

Cyber Space is culture of Virtual reality, computer, internet or any other device related to information technology for networking.

Access with its literal meaning and cognate expressions means gaining entry into, instructing or communicating with logical, memory function resource of functions.

Terrorism means doing unlawful activities for political reasons or to create a threat in a social environment. Any act which is done to create a threat in peoples mind.

Cyber terrorism in simple words means doing unlawful things, though internet for political purposes, to create hate in the minds of people. Any act which is done through cyberspace to create a threat in the minds of the people or to breach the sovereignty, unity, or integrity of a country, or to provoke people or a group of people against the government. Creating panic or alarm through attacking information system of a country. Cyber terrorism can be defined as electronic attacks from cyberspace from both the internal and external networks, particularly from the Internet that emanate from various terrorist sources with different set of motivations and are directed at a particular target.

Reason for increasing Cyber Terrorism:
There is a rapid growth in cyber terrorism with time, the more we are moving to digital world the more threat we face.

· Spread of terror in large scale: through internet the terror attack could be in a larger scale. As compare to physical attract cyber attack could be done in a larger scale. Attack can be done more than one place at a same time which makes it easy for the attackers.

· Disability of Government functions: Every country is becoming digital all the operations are done through digital process which makes for the attackers a chance to slower down the functions of a country and to Brach the security of that state. Any sector of a govt. broke down it slowed down the all over functions of the nation.

· Easy way to create threat in people mind: Internet is the easiest medium through which threat can be created in the minds of people. It is a global platform to spread treat through social media or any other networking websites it only effect one country at a time but the whole world.

· Easy to execute: as compare to physical attack, virtual attack is easy to done. As the attacker or any person related to don’t have physically presented at the target of the attack. It makes easy for the attacker to execute his attack. They can perform activates across territories.

Section 66F of Information Technology Act, 2000 defines Punishment for cyber terrorism.

66F: Punishment for cyber terrorism. -(1) Whoever,-
(A) With intent to threaten the unity, integrity, security or sovereignty of India or to strike terror in the people or any section of the people by
(i) Denying or cause the denial of access to any person authorized to access computer resource; or
(ii) Attempting to penetrate or access a computer resource without authorization or exceeding authorized access; or
(iii) Introducing or causing to introduce any computer contaminant.

And by means of such conduct, causes or is likely to cause death or injuries to persons or damage to or destruction of property or disrupts or knowing that it is likely to cause damage or disruption of supplies or services essential to the life of the community or adversely affect the critical information infrastructure specified under Section 70; or

(B) knowingly or intentionally penetrates or accesses a computer resource without authorization or exceeding authorized access, and by means of such conduct obtains access to information, data or computer database that is restricted for reasons of the security of the State or foreign relations; or any restricted information, data or computer database, with reasons to believe that such information, data or computer database so obtained may be used to cause or likely to cause injury to the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order, decency or morality, or in relation to contempt of court, defamation or incitement to an offence, or to the advantage of any foreign nation, group of individuals or otherwise, commits the offence of cyber terrorism.

(2) Whoever commits or conspires to commit cyber terrorism shall be punishable with Terrorist’s activities being done by foreign it would be obligatory to read insertion 66F along with Section 75 of this Act.
Imprisonment, which may extend to imprisonment for life.

Ingredients of Cyber Terrorism can be classified in three ways:
1.) Intention: an intention to strike terror in the person's mind or menace to the unity, integrity, security or sovereignty of India, through,
a.) Denial of access to any person from using any virtual resource which he is authorized for
b.) Unauthorized access of computer resource; or
c.) Or introducing or causing to introduce any computer contaminant.

2.) Causing or likely to cause (I) death or injury to person or (ii) damage or destruction of property or (iii) damage or disruption of supplies.
3.) Knowingly or intentionally penetrating or accessing a computer resource without authorization or exceeding authorized access
4.) Thereby obtaining access to restricted information, data or computer database.
Modes in which Cyber Terrorism can be done:
· Data Theft
· Network Damage
· Privacy Breach
· Unauthorized access
· Distributed Denial Service of Attack

Can Section 66f misused?
Cyber terrorism to be seen from both state and citizen's point, now the biggest question arises in peoples mind relating this is can Section 66F of Information Technology Act 2000, could be misused? Considering the example, the challenge before the court would be distinguished, whether offense of deformation covered under Section 499 of IPC or it required Section 66F of IT, Act 2000, Section 499 of IPC is respond in person not state, now the question is ‘whereas Section 66F implies Deformation of State’. The answer to this question depend on the how law enforcement agencies and the courts would view the facts and circumstances in the given case and according to the cyber terrorism.

Cyber Terrorism with other laws
Chapter VI of Indian Penal Code also discussed about offenses against the state. This chapter of IPC talks about any kind of offense committed against the country. It also covers the areas of threat from cyber space as per the Supreme Court of India.

Section 499 IPC can read along with section 66F IT Act.

Jurisdiction
Cyber Space is a cross national world that exceeds the geographical borders. When it comes to crime related to cyberspace, it is very difficult to figure out the jurisdiction of the crime. In cyber space a person who is committing crime could be of different country and the place where a crime has been committed is different and the target of the crime is completely different place then deciding the jurisdiction of the offense become difficult. Since jurisdiction is a focal point of debate when it comes to international issues, which state court have authority to settle the dispute.

Major Terror attack
9/11
“Our nation is at great risk of a cyber attack that could devastate national physhe and economy more broadly than did the 9/11”.--Carnage Mellon University Scientist Roy Maxion in a
Letter to President G. Bush co-signed by 50 computer scientist.

On September 11, 2001 a big attack was done in America which shock not only Americans but the whole world and raised a very big question in front of whole world, are these cyber space is safe? Can this can help in terror attack? After this attack America took cyber terror seriously for the first time. After this attack U.S decided to remove all the cyber threat which they have in their country. They started all the measures to stop the further harm to their country. They not only used traditional methods to keep terrorist out but played important attention to every aspect. After this incident they took the cyber security seriously and created all possible methods to reduce the cyber threat. It was ac wake up call for every country related to these kinds of threats. After 9/11 many similar attack took place which increased the requirement of cyber security against this type of terror more.

26/11
On 26th November, 2008 India Witness very tragic Incident of 12 coordinate shooting and booming lasted 4days across the Mumbai. Experts said that it was not simple terror attack but it was a major cyber attack. The terrorist were in touch with Pakistan whole time callphonx VOIP, and all the Computer systems of Taj Hotel, Leopal cafe, Shivaji maharaj Terminus, Obori Trident, Came Hospital, Nariman House were hacked, they had access to all the data of the hotel and other places. They had whole guest list of Taj Hotel their check in Time, room number etc. They basically targeted the Foreigner guest from the U.S and England and other places. As they had access to the whole data of cafe, hospital they had specific list of people whom they wanted to tar gate. The blast lasted four days and terrorist were connected to Pakistani hacker all the time. 26/11 was one of the major incidents in our country which made government to think over the cyber security and cyber threat which could occur in a nation like India and what steps government could take for it.

Ahmedabad Bomb Blast
The Ahmadabad bomb blast 2008 was a serious of 21 blasts. On 26 July, 2008 21 bomb blasts take place back to back in 70 mines in which more than 70 people were died and around 200 got injured.
Many News agencies reported that they receiving 14 page long emails from the terror group called Indian Mujahedeen, Islamic Militant Group (Harkat-Ul-Jihad-al-Islim) calming responsibility of terror attack. News agencies told that they received these email just before 5 minutes of the blast Email contain the following;
• “Awaited 5minuts for the Revenge of Gujarat” referring to the 2002 Gujarat Godhead Train Burning incident.
• Do whatever you can, within 5mins from now, feel the terror of death!
• Email also contains threats to Chief Minister of Maharashtra and his deputy, “we wonder at your memory. Have you forgotten the evening of 11 July 2006 so quickly and easily?”
• The threat went on to warn India businessman Mukesh Ambani of Reliance Industries, “building a citadel on a land in Mumbai that belong to Waif board…. least it turns into horrifying memories for you which you will never forget.
• And few Bollywood actors to stop acting.

Cyber Security
Cyber security is a procedure and technology to safeguard computer system, networks, data and any other device from unlawful, admission, weakness, attack unauthorised access through internet or any other cyber means. Security from any kind of threat which could be present in the cyber space.

The cyber security is not only required in each state separately but it is an international issue as we discussed early.

International Organization for Standardization (ISO) is the international cyber security standard which works for creating, applying, functioning, reviewing and improving Information Technology Management System.
In India National Cyber Security Policy is made under Minister of Communication and Information Technology and the purpose of this government body is to protect the public and private infrastructure of cyber-attacks.
Cyber Security is defined under Section 2(1)(nb) of IT Act, 2000 : Protection of information, Equipment, devices computer, computer resource, communication devices and information stored therein from unauthorised access, use, discloser, disruption, modification and destruction.

Section 70 Protected system: (1) The appropriate Government may, by notification in the Official Gazette, declare any computer resource which directly or indirectly affects the facility of Critical Information Infrastructure, to be a protected system. Explanation. -For the purposes of this section, "Critical Information Infrastructure" means the computer resource, the incapacitation or destruction of which, shall have a debilitating impact on national security, economy, public health or safety.
(2) The appropriate Government may, by order in writing, authorize the persons who are authorized to access protected systems notified under sub-section (1).

(3) Any person who secures access or attempts to secure access to a protected system in contravention of the provisions of this section shall be punished with imprisonment of either description for a term which may extend to ten years and shall also be liable to fine.

(4) The Central Government shall prescribe the information security practices and procedures for such protected system.

Under Section 70 (A) of IT Act, 2000 the national nodal agency is set up and their duties and functions were mentioned in this section this agency took care of the security of the cyberspace in India and the jurisdictions.
Section 70B. Indian Computer Emergency Response Team to serve as the national agency for incident response. - (1) The Central Government shall, by notification in the Official Gazette, appoint an agency of the government to be called the Indian Computer Emergency Response Team.

(2) The Central Government shall provide the agency referred to in sub-section (1) with a Director General and such other officers and employees as may be prescribed.

(3) The salary and allowances and terms and conditions of the Director General and other officers and employees shall be such as may be prescribed.

(4) The Indian Computer Emergency Response Team shall serve as the national agency for performing the following functions in the area of Cyber Security,-
(a) collection, analysis and dissemination of information on cyber incidents
(b) forecast and alerts of cyber security incidents
(c) emergency measures for handling cyber security incidents
(d) coordination of cyber incidents response activities
(e) issue guidelines, advisories, vulnerability notes and white papers relating to information security practices, procedures, prevention, response and reporting of cyber incidents
(f) such other functions relating to cyber security as may be prescribed

(5) The manner of performing functions and duties of the agency referred to in sub-section (1) shall be such as may be prescribed.

(6) For carrying out the provisions of sub-section (4), the agency referred to in sub-section (1) may call for information and give direction to the service providers, intermediaries, data centers, body corporate and any other person

(7) Any service provider, intermediaries, data centers, body corporate or person who fails to provide the information called for or comply with the direction under sub-section (6), shall be punishable with imprisonment for a term which may extend to one year or with fine which may extend to one lakh rupees or with both.

(8) No Court shall take cognizance of any offence under this section, except on a complaint made by an officer authorized in this behalf by the agency referred to in sub-section.

Section 70B empowers Indian Computers Emergency Response Team CERT-IN as a national focal point for gathering information on threat and facilitating the central government response to computer based incidents. The role of CERT-IN is to institutionalize cyber security in India from any cyber threat.

Dr Gulahan Rai is the first director of CERT-IN
It is is evident from Section 70 Subsection (4) that the role of CERT-IN is the area of cyber security which may include:
(a) Collection, analysis and dissemination of information on cyber incident
(b) Forecast and alerts of cyber security
(c) Emergency provisions
By incorporating section 66F, 70, 70A, 70B the lawmakers have filled-in the most crucial missing link in legal apparatus. Cyber terrorism is reality so do cyber security.

List of Cyber Security Organization
• National Cyber Security Organization in Israel: NATO cyber corporate cyber defense centre of excellence provides a comprehensive overview of cyber security. It is the most frequently subjected to hostile cyber incident globally.
• United State Department of Homeland Security: it is a cabinet department of Fedral Government of U.S. its mission involves many aspects international security and cyber security is a part of them.
• National Cyber Security Centre, United Kingdom: government organization which provides advice and support to public and private sector in relation to computer security.
• National Institute of Standards and Technology NIST: its mission is t promote industrial competitiveness and science and technology.
• SANS Institute SysAdmin, Audit, Network and Security: it is a private institute specialized in information security and cyber security training. This institute provides two master of science degree programs as
1. Information Security Engineering
2. Information Security Management

And they also provide four Baccalaurate certificate programs as well.
• Symantec: American based software company which provides softwarte for the security, storage, backup service support programs.

Few Indian Compnies
• Ashmit Thakur Information Security: this firm offers you different security vulnerability audits and its secure solutions.
• Data Resolve Technologies Pvt. Ltd: it deals in Data resolve technology adding computers to their platform to cover social, mobile related issues. Interrogations with dropbox, google documents and security for Apple and Windows phones.
• Mirox Cyber Security and Technology Pvt. Ltd: it provides IT security solutions and implementation, secure development SIEM/IDS/IPS implement and training in security related areas and covers many other fields.

Conclusion
Cyber Terrorism is a biggest threat which is spreading on a global scale which is required to take care by whole globe as a one unit. It is becoming bigger threat with development of technology; the more world will depend on digital world more vulnerable it will become. Every day new technology has been introduced with the introduction of new technology new threat is been created. As compare to increasing cyber terror the security for that threat has not been introduced we are lacking behind in making of cyber space a secure place. It is the biggest question of security even for the biggest countries of the world.