CYBERSECURITY AND CYBERLAW WITH REFERENCE TO INDIA
Authored by - T. Naga Dhanalakshmi Sarvani
ABSTRACT
The use of the internet has rapidly increased in recent years. These days, a person spends most of their time online. Even though using the internet has many benefits, there are drawbacks. Cyber threats are one of the drawbacks of the internet. We should ensure robust cyber security to combat these negative features of cyberspace, which are covered by cyber law. India, one of the nations with widespread internet usage, has adopted and is enforcing rules relating to cyber security and a safe online environment. We must educate our citizens on using this technology as our country quickly develops its cyber infrastructure. Knowledge about Cyber-ethics, cyber-safety and cyber-security must be incorporated into the educational process from a young age. This essay focuses on cybercrime and cybersecurity and tries to make the explanation more understandable while shedding light on India’s situation and the country’s legal safeguards for a secure online environment. Additionally, it demonstrates compliance with NIST and the important cybersecurity case laws.
Keywords – Cyberlaw, Cybersecurity, Cyber threats, Cybercrime, Cybersecurity in India, Cyberspace
Making cyberspace secure from dangers, namely cyber threats, is the goal of cyber security. The term “cyber-threats” is very ambiguous and refers to the malicious use of information and communication technologies (ICTs) by various malevolent actors, either as a target or a tool. Cybercrimes occur when illegal or unauthorized data access involves a computer or device. There is a rapid increase in cybercrimes, including fraud, abuse, and misuse of devices. With the widespread use of the internet in all spheres of life, cybercriminals now have much room to operate without being physically present in areas like sports, nuclear, or personal information. Technology and the internet are increasing lightning-fast, which has pros and cons. Individuals use these cons after founding loopholes in the system for illegal activity, also known as cybercrime.
Cybercrime is not defined by the I.T Act of 2000, the National Cyber Security Policy of 2013, or any other Indian law. Therefore, cybercrime is just a combination of computer crime. In other words, “cybercrime can be known as any such crime which involves the use of a computer.” Take a situation in which a computer or data stored on a computer utilized or misused by the fraudster serves as the basis for or facilitates such a crime. The I.T. Act defines the computer and its network, data, information, and all other components required to commit cybercrime. Cyber security is usually secured in India under I.T. Act, 2000 and IPC.
The research approach used to perform this research is doctrinal, analytical, and descriptive. The research material used for this research is secondary; articles, websites, and research will be discussed in the literature review section and assessed to the best of the researcher’s knowledge.
This research includes information about cyber law and cyber security. Along with its relationship to cyber law and NIST, this research also involves the I.T. Act and the Companies Act, including the Indian Penal Code about cyber law. This study does not analyse cyber law and cybercrimes in depth; it just provides information regarding cyber law and cyber security.
The article explained the history and development of the term “cyber,” examined the conceptual categories employed in the terminology of E.U. law that uses the term “cyber,” and identified the Lithuanian terms that are used to translate “cyber” into their Lithuanian equivalents. The ad hoc English and Lithuanian corpora of the E.U. legislative papers were assembled for the study’s aims. The research’s findings are helpful for students and teachers of legal terminology and legal translation, as well as writers of legislative and administrative documents and other experts involved in cybersecurity.
This article states that cybersecurity increasingly relies on developments in the study of human behavior to get more significant insights into handling the digital world’s developing issues.
The article provided a broad overview of recent developments in human behavior psychology and the evolution of cyber threats. The function of social engineering is considered, in addition to the significance of the human element as the starting point for developing cyber security programs in enterprises and safeguarding individual online behavior. Ethics and issues related to new developments in human behavior research are also covered. The article ends with a list of unanswered research concerns that require prompt academic attention to prevent the future exponential expansion of information breaches.
In order to explain how to fulfil the requirements of a national strategy, this study provides a National Cyber-security Strategy Model (NCSSM) based on important pillars. The objective of this plan is to create global cybersecurity connections, plans, and collaboration. The primary purpose of this research is to compare the cybersecurity policies of ten significant countries and five international organizations. There are eleven cybersecurity frameworks that abide with cyberlaw and governance.
Additionally, this article compares the national security policies of ten nations from five different continents, examines policymaking issues from five international intergovernmental organizations, and describes the most recent cybersecurity frameworks.
The primary topics covered in this article are trends, difficulties, and cyber ethics in cyber security. Cyber events underscore the importance of staying up to date on global cybercrime trends, especially those that pertain to the use of mobile and personal computer devices. Given how the world is growing, computer security is a large subject that is getting more crucial. Enterprises are being tested by the newest and most innovative technologies in terms of how they protect their infrastructure, and in order to do so, they need new platforms and information in in addition to the emerging cyber tools and threats that appear every day. This article describes the professions with a high risk of cybercrimes and different categories in which cybercrime can be seen, along with cyber ethics to follow.
By highlighting important gaps and providing useful educational alternatives, this research report supports continuing efforts in the cybersecurity community to foster the development of the cyber workforce. In the current research, a pilot education program developed at the University of Central Florida was discussed in order to address the unique difficulties of the human component in cybersecurity (UCF). The article’s conclusion looks at the “lessons learnt” from how the first cohort of students responded to the UCF program. It provided as a starting point for more conversation about the human factor in cybersecurity.
Like every other nation, India is concerned about cyber security. It is even more crucial to have strict cyber laws or legislation because India is one of the countries with widespread internet usage. There are four primary cyber-security laws in India, and they have helped advance electronic commerce and government and broaden the use and reach of digital media.
The present laws of India cannot be interpreted in the context of the necessity of cyberspace to incorporate all problems pertaining to varied practices in cyberspace, not even with the most lenient and liberal interpretation. If the existing laws were to be construed in the context of the developing cyberspace, without adopting new cyber laws, practical experience and wise judgment found that it shall not be without significant hazards and traps.
The majority of India’s cyber laws are governed by the information technology act of 2000. This law simplifies registering real-time data with the government while also attempting to legalize e-commerce. Numerous modifications have been made as a result of the increase in cybercrime. The I.T. legislation passed by the parliament emphasizes the harsh fines and punishments imposed for failing to protect the e-commerce, e-banking, and e-governance sectors. All communication devices are now included in the reach of the I.T. legislation. The I.T. Act mandates that cybercrime be subject to stricter regulation under Indian law.
Objectives of the Act:
As previously said, traditional criminal behaviours, including theft, fraud, forgery, defamation, and mischief, will also be a part of cybercrime. These behaviours are prohibited by the Indian penal code and fall under its jurisdiction. As a result, thefts and related cyber scams are defined by Indian criminal law in connection with the I.T Act of 2000.
The Section was first drafted to deal with obscene material and explicit content publication. The obscene and explicit content featuring children is also governed under this same Section.
The cybercrime addressed by this clause is the taking or disseminating of an image of a woman’s privacy or activities without the woman’s consent. This Section only addresses the offense of “voyeurism,” which classifies observing a woman engage in such behavior as a felony. If the requirements of this Section, such as gender, are not met, Section 292 of IPC and Section 66 E of I.T. Act, 2000 are sufficiently broad to consider similar offenses. First-time offenders face a sentence of one to three years in jail, while repeat offenders face a sentence of three to seven years.
This clause penalizes “stalking,” including physical and online forms. Cyberstalking occurs when a woman is followed by email, the internet, or other technological means or when someone persistently tries to get in touch with her despite her indifference. The Section’s last sentence lists the penalty for this offense as imprisonment for up to three years for the first offense and up to five years for the second offense, followed by a fine.
The victim in Kalindi Charan Lenka v. The State of Odisha[6] received an offensive SMS from an unknown number that harmed her reputation. In addition, the accused wrote emails and set up a bogus Facebook account with photoshopped images of the victim. The High Court concluded that, in accordance with the I.T. Act's guidelines and Section 354D of the IPC, the accused had a strong case for indulging in cyber stalking.
Theft of a mobile phone, its data, or computer hardware is under Section 379, which bears a complete sentence of three years of imprisonment, a fine, or both, depending on the circumstances. However, it must be noted that these provisions cannot be used if the requirements of the particular law, the I.T. Act of 2000, are invoked. In the case of Gagan Harsh Sharma v. The State of Maharashtra[7], one of several employers discovered that software and data had been taken, computers had been infiltrated, and employees had been given access to critical material.
The employer provided information to the police, filing a case under the I.T. Act’s numerous sections and Sections 379, 408, and 420 of the IPC. The issue before the court is whether the police can file a case under the IPC. The court ruled that the I.T. Act has precedence over the IPC provisions. Hence the case cannot be initiated based on those provisions.
This relates to a crime committed and punished following Section 379. One will be prosecuted in Section 411 of the IPC if they receive a stolen mobile phone, computer, or data from one. The material need not be in the thief’s possession. This clause shall be drawn even if it is held by a third party aware that it belongs to someone else. The penalty can be imposed as a fine, an extended sentence of up to three years in jail, or both.
Personation-based cheating is penalized by a fine, any type of jail with a maximum sentence of three years, or by both.
A fine and up to seven years in prison, depending on the type of imprisonment, are the penalties for anyone who fraudulently induces someone to surrender property to another person, creates, modifies, or destroys a valuable security, or anything that is signed or sealed and can be changed into a valuable security.
This provision often covers the punishment for forgery. Cyberspace offenses, including forging emails and creating fraudulent papers, are dealt with, and punished under this Section, which carries a maximum sentence of two years in prison, a fine, or both. In Anil Kumar Srivastava v. Addl Director, MHFW[8], Before bringing a claim against the same person in court, the petitioner electronically falsified the A.D.'s signature. The petitioner tried to present it as an authentic document. The petitioner was therefore found to be accountable under Sections 465 and 471 of the IPC, the court held.
Section 468 enters the picture if the offenses of email spoofing or online forgery are done to commit more serious offenses, such as cheating. This Section provides a sentence of seven years in jail, a fine, or both.
The penalty for forging a document, whether in physical or electronic form, with the knowledge that doing so will harm someone else’s reputation or desire to do so, is up to three years in jail and a fine.
This clause makes slander any person illegal. Sending abusive or defamatory content via email is considered a crime under Section 500 of the IPC. The maximum sentence under this Section for imprisonment and fine is two years.
Anyone using email or any other electronic form to threaten, insult, or attempt to provoke another person to bring peace violates Section 504 of the IPC. Punishment for this offense includes a fine, up to two years in jail, or a combination of both.
If a person attempts to criminally intimidate another individual using physical force or electronic means regarding a person’s life, property destruction by fire, or a woman’s chastity, they may get a sentence of up to seven years in jail, a fine, or a combination of the two.
The offense of using words, making gestures, or doing something else that can impair a woman’s modesty is covered in this Section. Invasion of a woman’s privacy also includes the sounds and actions taken. If this crime is committed physically or electronically, Section 509 is invoked, and the offender faces a maximum one-year sentence in jail, a fine, or both.
Business sector stakeholders describe this Act as a legal obligation to enhance and oversee daily operations. The Serious Fraud Investigation Office (SFIO) was created under the Companies Act, granting it the power to prosecute Indian corporations and their directors. The company’s 2014 inspection, investment, and inquiry guidelines caused the SFIO to become stricter and more proactive in this area.
The law has ensured that all types of regulatory compliance, such as e-discovery, cyber forensics, and cyber-security diligence, are adequately covered by its scope. Strong standards have been outlined on the roles and responsibilities of company directors and leaders in confirming cyber-security under the Companies (Management and Administration) Rules of 2014.
By providing a standardized approach to cyber-security, the national institute of standards and technology, and the NIST-approved cyber-security framework, the National Commission of Forensic Sciences has established itself as the most trustworthy global certifying organization. All guidelines, benchmarks, and best practices are provided by the NIST cybersecurity framework for effectively managing cyber-related risks. In this framework, adaptability and economy are given top priority.
It benefits critical infrastructure protection and resilience by:
Cybersecurity uses the proper technological and procedural security measures to secure information and information systems (networks, computers, databases, data centres, and apps). Although necessary for protecting user data and computer networks, firewalls, antivirus software, and other technological solutions are not enough to guarantee security. We must educate our citizens on using this technology as our country quickly develops its cyber infrastructure. Cyber-ethics, cyber-safety, and cyber-security must be incorporated into the educational process from a young age. Technology, operations, awareness, training, and education are essential components of cyber security. In order to safeguard the data and systems they deal with, as well as the network itself, Indian residents must determine the best security measures. The I.T. sector has been playing catch-up with hackers and thieves for decades.
Therefore, a cyber-security curriculum is required soon in order to instill an understanding of cyber-security in today’s youth and, in turn, to increase the number of profound, securely skilled professionals in the I.T. sector, both in the security and in all other sectors, improving both the communication and brain compatibility skills of both employees and employers. Effective cybersecurity policies, best practices, and, most importantly, their implementation at all levels must be prepared. Therefore, all people must stay safe in cyberspace and take measures to secure their cyberspace from cyber threats and cybercrime.
[1] Rackevičienė, S., & Mockienė, L. (2020). Cyber law terminology as a new lexical field in legal discourse. International Journal for the Semiotics of Law-Revue internationale de Sémiotique juridique, 33(3), 673-687.
[2] Benson, V., Mc Alaney, J., & Frumkin, L. A. (2019). Emerging threats for the human element and countermeasures in the current cyber security landscape. In Cyber Law, Privacy, and Security: Concepts, Methodologies, Tools, and Applications (pp. 1264-1269). IGI Global.
[3] Sabillon, R., Cavaller, V., & Cano, J. (2016). National cyber security strategies: global trends in cyberspace. International Journal of Computer Science and Software Engineering, 5(5), 67.
[4] Vidhya, P. M. (2014). Cyber security-Trends and Challenges. International Journal of Computer Science and Mobile Computing, 3(2), 586-590.
[5] Caulkins, B. D., Badillo-Urquiola, K., Bockelman, P., & Leis, R. (2016, October). Cyber workforce development using a behavioral cybersecurity paradigm. In 2016 International Conference on Cyber Conflict (CyCon US) (pp. 1-6). IEEE.
[6] Kalindi Charan Lenka v. The State of Odisha [BLAPL No.7596 of 2016] (https://indiankanoon.org/doc/73866393/)
[7] Gagan Harsh Sharma v. The State of Maharashtra [Cri. W.P. 4361/2018] (https://indiankanoon.org/doc/123849383/)
[8] Anil Kumar Srivastava v. Addl Director, MHFW [2005 (3) ESC 1917] (https://indiankanoon.org/doc/117846/)
[9] Avnish Bajaj v. State (NCT) of Delhi [(2008) 105 DRJ 721: (2008) 150 DLT 769]
Lorem Ipsum has been the industry's standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries, but also the leap into electronic typesetting, remaining essentially unchanged. It was popularised in the 1960s with the release of Letraset sheets containing Lorem Ipsum passages, and more recently with desktop publishing software like Aldus PageMaker including versions of Lorem Ipsum.