Tomorrows terrorist may be able to do more damage with a keyboard than
with a bomb - National Research Council
Terrorism is spreading all over the world and it is the greatest threat in
today's society, Cyber Terrorism is vast spreading. We live in a dangerous world
where terrorism gone beyond the Bodily injury It's dangerous and spreading
threat to virtual reality.
Cyber Space is culture of Virtual reality, computer, internet or any other
device related to information technology for networking.
Access with its literal meaning and cognate expressions means gaining entry
into, instructing or communicating with logical, memory function resource of
functions.
Terrorism means doing unlawful activities for political reasons or to create a
threat in a social environment. Any act which is done to create a threat in
peoples mind.
Cyber terrorism in simple words means doing unlawful things, though internet for
political purposes, to create hate in the minds of people. Any act which is done
through cyberspace to create a threat in the minds of the people or to breach
the sovereignty, unity, or integrity of a country, or to provoke people or a
group of people against the government. Creating panic or alarm through
attacking information system of a country. Cyber terrorism can be defined as
electronic attacks from cyberspace from both the internal and external networks,
particularly from the Internet that emanate from various terrorist sources with
different set of motivations and are directed at a particular target.
Reason for increasing Cyber Terrorism:
There is a rapid growth in cyber terrorism with time, the more we are moving to
digital world the more threat we face.
· Spread of terror in large scale: through internet the terror attack could be
in a larger scale. As compare to physical attract cyber attack could be done in
a larger scale. Attack can be done more than one place at a same time which
makes it easy for the attackers.
· Disability of Government functions: Every country is becoming digital all
the operations are done through digital process which makes for the attackers a
chance to slower down the functions of a country and to Brach the security of
that state. Any sector of a govt. broke down it slowed down the all over
functions of the nation.
· Easy way to create threat in people mind: Internet is the easiest medium
through which threat can be created in the minds of people. It is a global
platform to spread treat through social media or any other networking websites
it only effect one country at a time but the whole world.
· Easy to execute: as compare to physical attack, virtual attack is easy to
done. As the attacker or any person related to don’t have physically presented
at the target of the attack. It makes easy for the attacker to execute his
attack. They can perform activates across territories.
Section 66F of Information Technology Act, 2000 defines Punishment for cyber
terrorism.
66F: Punishment for cyber terrorism. -(1) Whoever,-
(A) With intent to threaten the unity, integrity, security or sovereignty of
India or to strike terror in the people or any section of the people by
(i) Denying or cause the denial of access to any person authorized to access
computer resource; or
(ii) Attempting to penetrate or access a computer resource without authorization
or exceeding authorized access; or
(iii) Introducing or causing to introduce any computer contaminant.
And by means of such conduct, causes or is likely to cause death or injuries to
persons or damage to or destruction of property or disrupts or knowing that it
is likely to cause damage or disruption of supplies or services essential to the
life of the community or adversely affect the critical information
infrastructure specified under Section 70; or
(B) knowingly or intentionally penetrates or accesses a computer resource
without authorization or exceeding authorized access, and by means of such
conduct obtains access to information, data or computer database that is
restricted for reasons of the security of the State or foreign relations; or any
restricted information, data or computer database, with reasons to believe that
such information, data or computer database so obtained may be used to cause or
likely to cause injury to the interests of the sovereignty and integrity of
India, the security of the State, friendly relations with foreign States, public
order, decency or morality, or in relation to contempt of court, defamation or
incitement to an offence, or to the advantage of any foreign nation, group of
individuals or otherwise, commits the offence of cyber terrorism.
(2) Whoever commits or conspires to commit cyber terrorism shall be punishable
with Terrorist’s activities being done by foreign it would be obligatory to read
insertion 66F along with Section 75 of this Act.
Imprisonment, which may extend to imprisonment for life.
Ingredients of Cyber Terrorism can be classified in three ways:
1.) Intention: an intention to strike terror in the person's mind or menace to
the unity, integrity, security or sovereignty of India, through,
a.) Denial of access to any person from using any virtual resource which he is
authorized for
b.) Unauthorized access of computer resource; or
c.) Or introducing or causing to introduce any computer contaminant.
2.) Causing or likely to cause (I) death or injury to person or (ii) damage or
destruction of property or (iii) damage or disruption of supplies.
3.) Knowingly or intentionally penetrating or accessing a computer resource
without authorization or exceeding authorized access
4.) Thereby obtaining access to restricted information, data or computer
database.
Modes in which Cyber Terrorism can be done:
· Data Theft
· Network Damage
· Privacy Breach
· Unauthorized access
· Distributed Denial Service of Attack
Can Section 66f misused?
Cyber terrorism to be seen from both state and citizen's point, now the biggest
question arises in peoples mind relating this is can Section 66F of Information
Technology Act 2000, could be misused? Considering the example, the challenge
before the court would be distinguished, whether offense of deformation covered
under Section 499 of IPC or it required Section 66F of IT, Act 2000, Section 499
of IPC is respond in person not state, now the question is ‘whereas Section 66F
implies Deformation of State’. The answer to this question depend on the how law
enforcement agencies and the courts would view the facts and circumstances in
the given case and according to the cyber terrorism.
Cyber Terrorism with other laws
Chapter VI of Indian Penal Code also discussed about offenses against the state.
This chapter of IPC talks about any kind of offense committed against the
country. It also covers the areas of threat from cyber space as per the Supreme
Court of India.
Section 499 IPC can read along with section 66F IT Act.
Jurisdiction
Cyber Space is a cross national world that exceeds the geographical borders.
When it comes to crime related to cyberspace, it is very difficult to figure out
the jurisdiction of the crime. In cyber space a person who is committing crime
could be of different country and the place where a crime has been committed is
different and the target of the crime is completely different place then
deciding the jurisdiction of the offense become difficult. Since jurisdiction is
a focal point of debate when it comes to international issues, which state court
have authority to settle the dispute.
Major Terror attack
9/11
“Our nation is at great risk of a cyber attack that could devastate national
physhe and economy more broadly than did the 9/11â€.--Carnage Mellon University
Scientist Roy Maxion in a
Letter to President G. Bush co-signed by 50 computer scientist.
On September 11, 2001 a big attack was done in America which shock not only
Americans but the whole world and raised a very big question in front of whole
world, are these cyber space is safe? Can this can help in terror attack? After
this attack America took cyber terror seriously for the first time. After this
attack U.S decided to remove all the cyber threat which they have in their
country. They started all the measures to stop the further harm to their
country. They not only used traditional methods to keep terrorist out but played
important attention to every aspect. After this incident they took the cyber
security seriously and created all possible methods to reduce the cyber threat.
It was ac wake up call for every country related to these kinds of threats.
After 9/11 many similar attack took place which increased the requirement of
cyber security against this type of terror more.
26/11
On 26th November, 2008 India Witness very tragic Incident of 12 coordinate
shooting and booming lasted 4days across the Mumbai. Experts said that it was
not simple terror attack but it was a major cyber attack. The terrorist were in
touch with Pakistan whole time callphonx VOIP, and all the Computer systems of
Taj Hotel, Leopal cafe, Shivaji maharaj Terminus, Obori Trident, Came Hospital,
Nariman House were hacked, they had access to all the data of the hotel and
other places. They had whole guest list of Taj Hotel their check in Time, room
number etc. They basically targeted the Foreigner guest from the U.S and England
and other places. As they had access to the whole data of cafe, hospital they
had specific list of people whom they wanted to tar gate. The blast lasted four
days and terrorist were connected to Pakistani hacker all the time. 26/11 was
one of the major incidents in our country which made government to think over
the cyber security and cyber threat which could occur in a nation like India and
what steps government could take for it.
Ahmedabad Bomb Blast
The Ahmadabad bomb blast 2008 was a serious of 21 blasts. On 26 July, 2008 21
bomb blasts take place back to back in 70 mines in which more than 70 people
were died and around 200 got injured.
Many News agencies reported that they receiving 14 page long emails from the
terror group called Indian Mujahedeen, Islamic Militant Group (Harkat-Ul-Jihad-al-Islim)
calming responsibility of terror attack. News agencies told that they received
these email just before 5 minutes of the blast Email contain the following;
• “Awaited 5minuts for the Revenge of Gujarat†referring to the 2002 Gujarat
Godhead Train Burning incident.
• Do whatever you can, within 5mins from now, feel the terror of death!
• Email also contains threats to Chief Minister of Maharashtra and his deputy,
“we wonder at your memory. Have you forgotten the evening of 11 July 2006 so
quickly and easily?â€
• The threat went on to warn India businessman Mukesh Ambani of Reliance
Industries, “building a citadel on a land in Mumbai that belong to Waif board….
least it turns into horrifying memories for you which you will never forget.
• And few Bollywood actors to stop acting.
Cyber Security
Cyber security is a procedure and technology to safeguard computer system,
networks, data and any other device from unlawful, admission, weakness, attack
unauthorised access through internet or any other cyber means. Security from any
kind of threat which could be present in the cyber space.
The cyber security is not only required in each state separately but it is an
international issue as we discussed early.
International Organization for Standardization (ISO) is the international cyber
security standard which works for creating, applying, functioning, reviewing and
improving Information Technology Management System.
In India National Cyber Security Policy is made under Minister of Communication
and Information Technology and the purpose of this government body is to protect
the public and private infrastructure of cyber-attacks.
Cyber Security is defined under Section 2(1)(nb) of IT Act, 2000 : Protection
of information, Equipment, devices computer, computer resource, communication
devices and information stored therein from unauthorised access, use, discloser,
disruption, modification and destruction.
Section 70 Protected system: (1) The appropriate Government may, by
notification in the Official Gazette, declare any computer resource which
directly or indirectly affects the facility of Critical Information
Infrastructure, to be a protected system. Explanation. -For the purposes of this
section, "Critical Information Infrastructure" means the computer resource, the
incapacitation or destruction of which, shall have a debilitating impact on
national security, economy, public health or safety.
(2) The appropriate Government may, by order in writing, authorize the persons
who are authorized to access protected systems notified under sub-section (1).
(3) Any person who secures access or attempts to secure access to a protected
system in contravention of the provisions of this section shall be punished with
imprisonment of either description for a term which may extend to ten years and
shall also be liable to fine.
(4) The Central Government shall prescribe the information security practices
and procedures for such protected system.
Under Section 70 (A) of IT Act, 2000 the national nodal agency is set up and
their duties and functions were mentioned in this section this agency took care
of the security of the cyberspace in India and the jurisdictions.
Section 70B. Indian Computer Emergency Response Team to serve as the national
agency for incident response. - (1) The Central Government shall, by
notification in the Official Gazette, appoint an agency of the government to be
called the Indian Computer Emergency Response Team.
(2) The Central Government shall provide the agency referred to in sub-section
(1) with a Director General and such other officers and employees as may be
prescribed.
(3) The salary and allowances and terms and conditions of the Director General
and other officers and employees shall be such as may be prescribed.
(4) The Indian Computer Emergency Response Team shall serve as the national
agency for performing the following functions in the area of Cyber Security,-
(a) collection, analysis and dissemination of information on cyber incidents
(b) forecast and alerts of cyber security incidents
(c) emergency measures for handling cyber security incidents
(d) coordination of cyber incidents response activities
(e) issue guidelines, advisories, vulnerability notes and white papers relating
to information security practices, procedures, prevention, response and
reporting of cyber incidents
(f) such other functions relating to cyber security as may be prescribed
(5) The manner of performing functions and duties of the agency referred to in
sub-section (1) shall be such as may be prescribed.
(6) For carrying out the provisions of sub-section (4), the agency referred to
in sub-section (1) may call for information and give direction to the service
providers, intermediaries, data centers, body corporate and any other person
(7) Any service provider, intermediaries, data centers, body corporate or person
who fails to provide the information called for or comply with the direction
under sub-section (6), shall be punishable with imprisonment for a term which
may extend to one year or with fine which may extend to one lakh rupees or with
both.
(8) No Court shall take cognizance of any offence under this section, except on
a complaint made by an officer authorized in this behalf by the agency referred
to in sub-section.
Section 70B empowers Indian Computers Emergency Response Team CERT-IN as a
national focal point for gathering information on threat and facilitating the
central government response to computer based incidents. The role of CERT-IN is
to institutionalize cyber security in India from any cyber threat.
Dr Gulahan Rai is the first director of CERT-IN
It is is evident from Section 70 Subsection (4) that the role of CERT-IN is the
area of cyber security which may include:
(a) Collection, analysis and dissemination of information on cyber incident
(b) Forecast and alerts of cyber security
(c) Emergency provisions
By incorporating section 66F, 70, 70A, 70B the lawmakers have filled-in the
most crucial missing link in legal apparatus. Cyber terrorism is reality so do
cyber security.
List of Cyber Security Organization
• National Cyber Security Organization in Israel: NATO cyber corporate cyber
defense centre of excellence provides a comprehensive overview of cyber
security. It is the most frequently subjected to hostile cyber incident
globally.
• United State Department of Homeland Security: it is a cabinet department of
Fedral Government of U.S. its mission involves many aspects international
security and cyber security is a part of them.
• National Cyber Security Centre, United Kingdom: government organization which
provides advice and support to public and private sector in relation to computer
security.
• National Institute of Standards and Technology NIST: its mission is t promote
industrial competitiveness and science and technology.
• SANS Institute SysAdmin, Audit, Network and Security: it is a private
institute specialized in information security and cyber security training. This
institute provides two master of science degree programs as
1. Information Security Engineering
2. Information Security Management
And they also provide four Baccalaurate certificate programs as well.
• Symantec: American based software company which provides softwarte for the
security, storage, backup service support programs.
Few Indian Compnies
• Ashmit Thakur Information Security: this firm offers you different security
vulnerability audits and its secure solutions.
• Data Resolve Technologies Pvt. Ltd: it deals in Data resolve technology adding
computers to their platform to cover social, mobile related issues.
Interrogations with dropbox, google documents and security for Apple and Windows
phones.
• Mirox Cyber Security and Technology Pvt. Ltd: it provides IT security
solutions and implementation, secure development SIEM/IDS/IPS implement and
training in security related areas and covers many other fields.
Conclusion
Cyber Terrorism is a biggest threat which is spreading on a global scale which
is required to take care by whole globe as a one unit. It is becoming bigger
threat with development of technology; the more world will depend on digital
world more vulnerable it will become. Every day new technology has been
introduced with the introduction of new technology new threat is been created.
As compare to increasing cyber terror the security for that threat has not been
introduced we are lacking behind in making of cyber space a secure place. It is
the biggest question of security even for the biggest countries of the world.
Please Drop Your Comments