As the population of India’s internet users is growing and the country is expected to have 900 million such users by 2025, it is believed that the digital growth will invite more cybersecurity challenges in the coming years. Considering such digital threats, in conversation with News18 Dr Pavan Duggal, Supreme Court lawyer and Chairman of the International Commission on Cyber Security Law, talks about what India needs at this moment.
The cybersecurity expert and Supreme Court advocate Duggal suggested: “India requires a dedicated new Ministry on cybersecurity as it has become much bigger and comprehensive in its impact and relevance.”
He said the existing activities of the Ministry of Electronics and Information Technology and the Indian Computer Emergency Response Team (CERT-In) only cover a portion of the spectrum of cybersecurity.
“CERT-In is the nodal agency on cybersecurity and does not deal with all aspects pertaining to protection and preservation of cybersecurity across digital paradigms. Even the roles and responsibilities of CERT-In are pretty limited under Section 70B of the Information Technology Act, 2000,” noted the expert.
Dr Duggal explained, today, cybersecurity affects all sectors of human activity; thus, it would be futuristic and innovative if India comes up with a specialised Ministry of Cybersecurity that would deal with all aspects of cybersecurity.
Dr Duggal, who is also the Conference Director at International Conference on Cyberlaw, Cybercrime & Cybersecurity, said: “When India is becoming the most populist country in the world and as cybersecurity is going to impact the life of every Indian, the time has come for India to have dedicated Ministry on cybersecurity which can look at all aspects pertaining to cybersecurity and its protection and preservation.”
The Growing Digital Threat
Cyberattack incidents, including ransomware, malware and phishing attacks have increased in recent years. All these are happening at a time when the country is moving ahead under the banner of Digital India.
According to Dr Duggal, “We need to appreciate that the Golden Age of Cybercrime has already arrived with the coming of Covid-19. The world is moving towards the New Cyber World Order.”
In his book, New Cyber World Order Post Covid-19, Dr Duggal argued that by the time all countries are victorious against the present and subsequent waves of Covid-19 infections, the world will enter into a new cyber age where a “New Cyber World Order” is waiting for everyone.
As per the expert, who is also the Chief Executive at Artificial Intelligence Law Hub, it will include more cybersecurity breaches and cause an increase in cybercrimes which will be the “new normal”.
He also believes that the safety of Digital India is dependent on its cyber security, and the government must prioritise it going forward, especially with the implementation of more electronic governance, as the vector of attacks by the breachers in the Indian context grows.
He said: “Having strong and long alpha-numeric passwords is a good starting point and adequate attention to secure our devices and networks is also a great idea.”
He also said people should learn not to share passwords, OTPs, sensitive personal data and financial or banking data with anyone. According to him, internet users must restrict themselves from downloading any program without verifying it.
People must be encouraged to adopt cybersecurity as part of lifestyle and cyber law education must be integrated into the school curriculum beginning with the first grade, he pointed out.
“The government must allocate resources for creating more capacity building. Initiatives in the public-private-partnership ecosystem need to be strengthened,” he added.
According to him, cybersecurity measures need to be displayed on mass media, social media and other digital platforms. In fact, the cyber expert believes that people need to be explained that without giving the “due respect to cybersecurity”, the entire initiative in the data economy can “collapse and come to a grinding halt”.
The Cybersecurity Architecture
When Dr Duggal was asked to explain the national-level architecture for cybersecurity, he clearly stated that historically, India has not given cybersecurity the attention and seriousness that it deserves and as a result, it never developed a comprehensive national cybersecurity architecture or a national cybersecurity plan.
He said: “It is correct that the Indian IT Act, 2000 got amended in the year 2008, with the amendments giving a very futuristic and broad definition of the term ‘cybersecurity’ and also coming up with certain cosmetic provisions concerning cybersecurity. However, India to date has not come up with a dedicated national cybersecurity law.”
“Instead, India is relying upon adding elements under the existing Cyberlaw. The National Cyber Security Policy 2013, despite being a good document, remained a mere paper tiger as India never implemented the said policy,” he noted.
Furthermore, Dr Duggal told News18 that there is currently discussion of a National Cybersecurity Strategy, but most stakeholders in India’s cyber ecosystem are “clueless” about what they should do in the event of an attack or cybersecurity breach on India’s computer systems and networks, as well as critical information infrastructure.
In that case, he suggested learning from the experiences of other countries who have come up with dedicated national laws on cybersecurity.
“Let’s use the collated wisdom on cybersecurity of the world and then see how the said wisdom can be customized in the context of Indian nation and its unique ground realities,” he suggested.
Additionally, Dr Duggal believes that India needs to act quickly, as well as proactively and “think on our feet as cybersecurity is a constantly moving target”.
According to him, a lot will ultimately depend upon the kind of political will of the relevant or appropriate government on how they want to proactively deal with legal, policy and regulatory issues pertaining to or impacting cybersecurity.
Data Protection Bill
Dr Duggal also talked about the Data Protection bill, which was recently withdrawn by the central government and is now expected to be replaced by a comprehensive legal framework.
He said: “Individuals and businesses need to be prepared for new sets of compliances as the new data protection law is going to deal with not just personal data but also non-personal data. They will also have to increasingly ensure compliance with the data protection law while dealing with third party personal and non-personal data if they want to limit their exposure to legal liability.”
“The chances are that non-compliance with the parameters of the new data protection law would potentially expose the relevant individuals and businesses to civil and criminal liability consequences. Hence, stakeholders will have to start adopting proactive approaches and compliances vis-à-vis data protection as the new law comes into force,” Dr Duggal added.
But there were many people who questioned the delay in introducing this bill in parliament. So, News18 asked Dr Duggal whether India can afford such delays in implementing the bill which is essential during this digital age.
In response, the Supreme Court advocate said: “India can ill-afford such delay. The legal approaches on data protection should have been crystallized some time back.”
However, he also stated that in today’s data economy age, data protection law is unquestionably essential for the creation of a safe and secure country since data protection is the foundational pillar upon which the ongoing growth of the data economy will be established.
While talking about the Personal Data Protection Bill, 2019, he said that it not only had noble goals but also had numerous legal challenges, issues, deficiencies and grey areas.
However, Dr Duggal also noted that “the exemption of the government altogether from complying with the data protection provisions is also a problematic area”.
He believes that the country can ill afford to have two ecosystems; one in which corporations and individuals are expected to comply with the data protection law, and the other in which the government and its various agencies are required to comply with the terms of the data protection law.
“We need to wait and watch for witnessing the final language of the new data protection law that the Government is currently working on. The devil is in the details and we will have to wait and watch for the new avatar of the data protection law that the Government comes up with,” Dr Duggal stated.
The Supreme Court advocate also said: “All eyes will be on the Government as to how it comes up with the new version of the data protection law in the Indian context, which is topical and relevant for today’s India.”
Read all the Latest Tech News and Breaking News here