Both cybercrime and cybercriminals have developed at a rapid pace, while the law
has progressed at best at a snail's pace, and even that is usually only a
knee-jerk reaction. Technology, particularly the Internet, has created a
seamless, borderless platform for use, abuse, and misuse, with few laws or
enforcement mechanisms to prevent, protect, cure, or punish such transgressions.
Cybersecurity is the use of technology, processes, and policies to prevent
cyberattacks on systems, networks, programs, devices, and data. Its goal is to
limit the risk of cyberattacks and protect systems, networks, and technologies
from unauthorized use.[i] Cybersecurity measures, also known as information
technology security (IT), prevent threats to networked systems and applications,
whether they come from outside or inside a company or organization.
Cyber Security Challenges:
Cybercrime:According to Joseph Aghatise,[ii] cybercrime is a crime committed on the
Internet using a computer either as a tool or as a targeted victim. It is very
difficult to categorize crimes into different groups because many crimes evolve
daily. Even in the real world, crimes such as rape, murder, or theft do not
necessarily need to be separated. However, in all cybercrimes, both the computer
and the person behind it are victims; it just depends on which of the two is the
main target. Therefore, the computer can be a target or a tool for simplicity.
Hacking, for example, involves attacking the computer's information and other
resources. It is important to note that in many cases, there is overlap, and it
is impossible to have a perfect classification system.[iii]
Verizon's[iv] 2016 annual report, titled "Data Breach Investigations Report,"
lists industry-related incidents and security breaches. According to the report,
"89 percent of data breaches had a financial or espionage-related purpose."[v]
When individuals suffer harm, the impact is felt the most, especially when the
hard road of international enforcement is taken. The vastness of cyberspace
makes enforcement even more difficult.
According to a report by the Ministry of Electronics and Information Technology
(MeitY) submitted to a parliamentary subcommittee, cybercrime and fraud cases
increased more than fivefold between 2018 and 2021. According to data from
India's Computer Emergency Response Team (Cert-In), the total number of
incidents increased from 208,456 in 2018 to 1,402,809 in 2021, so according to
these figures, cybercrime in India has increased by 572% in just 3 years.[vi]
Cyber Terrorism:Social media sites such as Facebook, Twitter, and YouTube have become popular
recruiting sites for terrorists. The attacks on Charlie Hebdo[vii] and in
Paris[viii] in November 2015 highlighted the effectiveness of social media in
reaching recruits from afar.
Soon after the enactment of the IT Act of 2000, errors became apparent,
prompting the circulation of draft amendments in 2005 and the introduction of a
bill in 2006. After the Mumbai attacks, the IT Act amendments owing to the
inclusion of the provision on "Cyber Terrorism" were passed in the parliament
without debate or discussion. The Mumbai attacks of 26/11 (2008)[ix] were a
major factor in the IT Act amendments of December 2008 receiving a super
expedited stamp of approval. Section 66F of the IT Act deals with cyber
terrorism in India.
Despite their shortcomings, the regulations in place show an attempt to regulate
cybercrime and cyber-terrorism. However, when implemented in the sphere of cyber
warfare, the regulations clearly illustrate their limits. Several attacks, such
as the Estonia DDOS attack, the Stuxnet attack on Iran, and Ukraine's Power Grid
Attack are considered cyber-warfare. The lack of effective punishment against
perpetrators indicates the enormous gap in the fight against these types of
Cyber money laundering has emerged as the next big problem, especially in the
fight against terrorism. For cross-border crime, online payment systems have
become the primary payment method. More crucially, they have become the primary
means for terrorists to raise funds. Consequently, states cannot overlook the
fact that terrorists spread their actions through digital or electronic media.
This is a real and present threat that states must address.
Laws related to cyber security in India:
Exclusive cyber laws:The Information Technology Act of 2000,[x] as amended in 2008, is India's
principal cybercrime law. Crimes against the nation predominate among the
criminal provisions of the old law and the amended IT law.
The provision for cyber terrorism under section 66F was added in 2008. Section
69 of the IT Act gave the government broad interception and monitoring powers.
Sections 69A and 69B were added to tighten these provisions, allowing
governments to monitor and collect traffic statistics as well as prevent access
to content on the internet.
Another provision that affected the dynamics of governmental monitoring and
intermediary compliance was the insertion of intermediary duties and
liabilities, specifically section 67C, which imposes penalties on intermediaries
who violate government directives. Section 70 applied to "protected systems"
such as critical information infrastructure. Sections 70A and 70B were inserted
to create a national nodal agency for critical infrastructure protection and to
establish the Indian Computer Emergency Response Team (CERT-IN).
Sections 71 to 74 deal with offenses involving "Electronic Signature
Certificates," such as misrepresentation to obtain an electronic signature
certificate (Section 71), breach of confidentiality (Section 72), and
publication of an electronic signature certificate with false details or
fraudulent purposes (Section 73). In addition, section 72A was enacted, as the
criminal counterpart of section 43A of the IT Act. Breach of confidentiality
concerning "personal information" with the intent to cause unlawful loss or
benefit is punishable by 3 years in prison and a fine of Rs. 500,000 under the
Cyberlaw Provisions In Other Laws:The IPC and the Indian Evidence Act were revised to add several clauses after
the passage of the IT Act in 2000. Most of these modifications dealt with the
admissibility of electronic records and offenses related to them. The provisions
from sections 463 to 477A of the IPC, which made forging electronic records a
crime, were the most significant amendments. These provisions strongly encourage
the prosecution of phishing attacks and a variety of other banking and financial
Apart from the IPC, Intellectual Property legislation also bolsters the
provisions of the IT Act for punishing infractions. For example, if the data
stolen is proprietary, data theft offenses can be prosecuted under section 63 of
the Copyright Act, 1957. Section 65B of the Copyright Act, as well as sections
463 to 468 of the IPC, may be used in the case of a breach of a proprietary
right to the software. Cybersquatting and phishing crimes may also come under
the Trademarks Act of 1999's criminal prohibitions.
These offenses would fall
under the general category of "cybercrime" if they were committed online or
using computer resources; however, the IT Act may not specifically regulate
them. Provisions from several statutes may become applicable for prosecution
depending on the facts of each case.
There are currently no explicit laws for the prosecution of financial or banking
frauds. Existing provisions, including those added through the 2008 amendments,
have been relied on to initiate successful prosecutions depending on the modus
and means of committing cyber offenses[xi].
This jigsaw puzzle of cyber laws
distributed over numerous enactments, rather than a single enactment, points to
the fundamental impediment in the proper and effective criminal prosecution
against cybercrime, India is in urgent need of separate cyber security
legislation, for dealing with cybercrimes.
Justice Krishna Iyer's words, "an 'ephemeral' measure to meet a perennial menace
is neither a logical step nor national fulfillment" comes true here as well.
With the creation of the National Cyber Security Policy in 2013,[xii] there has
been a wake-up call and significant traction. However, India has to follow
through on this promise by overhauling existing laws to tackle cybercrime.
Today's cyber-attacks fade into insignificance in comparison to the risks of
Any attempt to rewrite existing legislation should not only consider
and handle current concerns but also guarantee that the law is flexible and
dynamic enough to deal with forthcoming threats. Today, cyberspace interacts
with India's major economic, business, and other interests. To protect India's
strategic, sovereign, economic, and commercial interests in cyberspace, the
union must implement strict deterrence policies and cyber security reforms at
all levels of operation.[xiii]
- It governance, what is Cyber Security? Definition and Best Practices,
available at https://www.itgovernance.co.uk/what-is-cybersecurity
- Joseph Aghatise has more than 14 years of expertise in information
security, mobile, and web technology deployment. Security, systems design,
creativity, strategy, and implementation are all areas where he excels.
- Joseph Aghatise, Cybercrime definition, Research gate, available at
- Verizon is one of the world's largest communication technology firms.
Verizon Communications, founded on June 30, 2000, is a significant provider of
technology and communications services around the world.
- Verizon, Data Breach Investigations Report, Available at https://trak.in/tags/business/2022/04/12/cyber-crimes-in-india-witness-572-increase-in-last-3-years-14-lakh-cases-in-2021-recorded-by-govt/www.verizonenterprise.com/…/reports/rp_DBIR_2016_Report_en_xg.pdf.
- Track.in, Cyber Crimes In India Witness 572% Increase In Last 3 Years! 14
Lakh Cases In 2021 Recorded By Govt., Available at https://trak.in/tags/business/2022/04/12/cyber-crimes-in-india-witness-572-increase-in-last-3-years-14-lakh-cases-in-2021-recorded-by-govt/
- Two French Muslim brothers, Sad and Chérif Kouachi, made their way into
the headquarters of the French satirical weekly newspaper Charlie Hebdo in Paris
on January 7, 2015, at 11:30 a.m. CET local time. They killed 12 individuals and
injured 11 others with guns and other weapons.
- The "November 2015 Paris attacks" were a series of coordinated Islamist
terrorist assaults that occurred in Paris, France, and Saint-Denis, the
city's northern suburb, on Friday, November 13, 2015.
- The 2008 Mumbai attacks were a series of terrorist attacks in November
2008 in which ten members of the Pakistani Islamist terrorist organization Lashkar-e-Taiba carried out twelve coordinated shooting and bombing attacks in
Mumbai over a four-day period.
- Available at https://www.meity.gov.in/content/information-technology-act-2000-0
- N S Nappinai, Technology Laws Decoded, Lexis Nexis (First 2017 edition)
- Ministry of Communication and Information Technology, 'National Cyber
Security Policy—2013', 2013, p. 5, available at https://dit.tripura.gov.in/sites/default/files/National%20Cyber%20Securi.
- Rebant Juyal, Cyber security and Threats: Cyber terrorism and the Order
Today, Journal of defense services, available at https://idsa.in/jds/cybersecurity-and-threats-15-2-2021#footnote123_qo346b1