CYBER SECURITY: ESSENCE AND ASSESSMENT

0
  1. Introduction:

In today’s digital world, man have created another world for himself who is easily accessible, user friendly and faster known as cyber world or cyber space. As defined by Oxford Learners Dictionary, Cyber Space is ‘an imaginary world where electronic messages, mails, pictures, etc. exists connected with the internet or other networking computers’. It is almost akin to the natural world, which deals with almost everything. Walter Isacson aptly said; “The symbol of atomic age, which render to centralise power, was nuclear with electrons around it held tightly; the symbol of digital age is web with countless centres of powers all equally networked”.

As every coin has two flip ends, the cyber space also has the presence of anti-factor which comprises of thieves, robbers, terrorists, spies, invaders and many others like the criminals of the natural world. While computer technology opened doors to enhance conveniences the same has also opened new doors for criminals. The real power of today’s Internet is that it is available to anyone with a computer and a telephone line. Internet places in an individual’s hand the power of information and communication which is being misused by devious minds for criminal purposes, thereby leading growth to cybercrimes. Cyber crime has no exhaustive definition. According to Author Pavan Duggal[1], “Cyber crime refers to all the activities done with criminal intent in cyberspace or using the medium of Internet. These could be either the criminal activities in the conventional sense or activities, newly evolved with the growth of the new medium. Any activity, which basically offends human sensibilities, can be included in the ambit of Cybercrimes.”

India’s first cyber law, The Information Technology Act, 2000, came in to force on 17th of October, 2000. The Act aims to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as, “electronic commerce”, which involve the use of alternatives to paper-based methods of communication and storage of information and to facilitate electronic filing of documents with the Government agencies. In addition, the Central Government have issued two distinct kinds of rules. These rules are the Information technology (Certifying Authorities) Rules, 2000 and the Cyber Regulation Appellate Tribunal (Procedure) Rules, 2000.

Cyber Security is the protection of computing resources from unauthorized access, use, modification, misdirection or disruption. The following are illustrative examples; Encrypting data in storagetransit and use, Authentication-Securely identifying people and digital entities, Authorization-Defining and implementing privileges for computing resourcesNetwork SecuritySecuring networks with techniques such as a network perimeterSandboxing-Running entrusted software in a virtual environment where it can do no harm, Internal ControlsInternal controls such as the requirement that different people write code, review the code and launch it into production, Security by Design-Architecting and designing systems, applications and infrastructure to be secure, Secure Coding- A series of principles and practices for developing code that is free of security vulnerabilities, Secure Testing- Testing cycles designed to discover security vulnerabilities, Defence in Depth-The principle that each layer of security doesn’t assume anything. For example, an application that doesn’t assume that a firewall has prevented external access, Physical Security-Physical security such as a data centre with access controls, Audit TrailLogging that records interactions with systems, applications, databases and infrastructure such that malicious activity can be detected and reconstructed, Defensive Computing– Users who are aware of cyber security and are careful in their use of technologyNon-Repudiation– The ability to prove that a commercial transaction took place Security Infrastructure- Foundational tools that offer security services such as a virus scanner or intrusion detection system, Vulnerability Management-Tracking known vulnerabilities to software and hardware and applying fixes in a timely manner, defending your services, resources and data from an attack.

  • Cyber Space:

The word was coined by William Gibson, in a classic science fiction novel, Neuromancer (1984).  ‘Cyberspace’ is considered as principal theme, rather than ‘computers’ or ‘information technology’ or ‘the Internet’, partly because it is so evocative. It suggests that the computer world now supports a new and real social ‘space’ – one that raises more questions about people than about technology.

In short, much of human life is represented in cyberspace. On a personal level the impact is profound. People meet in cyberspace, work in it, play in it, learn things and discover things in it. Increasingly, people’s relationships, jobs and money will take place in cyberspace, and that makes it important.

Cyberspace describes the flow of digital data through the network of interconnected computers: it is at once not “real”, since one could not spatially locate it as a tangible object, and clearly “real” in its effects. There have been several attempts to create a concise model about how cyberspace works since it is not a physical thing that can be looked at. Secondly, cyberspace is the site of computer-mediated communication (CMC), in which online relationships and alternative forms of online identity were enacted, raising important questions about the social psychology of Internet use, the relationship between “online” and “offline” forms of life and interaction, and the relationship between the “real” and the virtual. Cyberspace draws attention to remediation of culture through new media technologies: it is not just a communication tool but a social destination, and is culturally significant in its own right. Finally, cyberspace can be seen as providing new opportunities to reshape society and culture through “hidden” identities, or it can be seen as borderless communication and culture.

The impact on society is perhaps already larger than many have had opportunity to appreciate. Here is an example; London tea trading started 300 years ago, and the auction rooms were a place where people could come together. Now, the Internet has enabled producers in countries like Kenya and Sri Lanka to set up their own auctions, without involving London. One community has been destroyed, and power has shifted, in this case, from the London centre to the producing countries themselves.

Cyberspace is far from the first example of the way in which a technological change can have profound personal and social impact. To give an historical example, railways were seen as ‘just machinery’ until people realized that you no longer needed lots of local factories; instead you could have one centralized factory, and transport the goods it made by rail. That in turn led to more railways, and greater opportunity to centralize the production of goods, and to decide where they were located. The railway system was more than the mechanics of the railway, and more than the mechanisms of running a railway. It transformed the notion of distance. Cyberspace is having a similar transforming effect, and it is happening right before our eyes.[2]

  • Cyber  Security:

Section 2 (1) (nb) of Information Technology Act, 2000 defines Cyber Security as, “Cyber security” means protecting information equipment, devices computer, computer resource, communication device and information stored therein from unauthorised access, use, disclosure, disruption, modification or destruction.

Cyber security or information technology security are the techniques of protecting computers, networks, programs and data from unauthorized access or attacks that are aimed for exploitation.

Major areas covered in cyber-security are:

1) Application-Security
2) Information-Security
3) Disaster-recovery
4) Network-Security

Application security encompasses measures or counter-measures that are taken during the development life-cycle to protect applications from threats that can come through flaws in the application design, development, deployment, upgrade or maintenance. Some basic techniques used for application security are: 

a) Input parameter validation, 

b)User/Role Authentication & Authorization, 

c) Session management, parameter manipulation & exception management, and 

d) Auditing and logging.

Information security protects information from unauthorized access to avoid identity theft and to protect privacy. Major techniques used to cover this are: 

a) Identification, authentication & authorization of user, 

b) Cryptography.

Disaster recovery planning is a process that includes performing risk assessment, establishing priorities, developing recovery strategies in case of a disaster. Any business should have a concrete plan for disaster recovery to resume normal business operations as quickly as possible after a disaster.

Network security includes activities to protect the usability, reliability, integrity and safety of the network. Effective network security targets a variety of threats and stops them from entering or spreading on the network. Network security components include: a) Anti-virus and anti-spyware, b)Firewall, to block unauthorized access to your network, c)Intrusion prevention systems (IPS), to identify fast-spreading threats, such as zero-day or zero-hour attacks, and d) Virtual Private Networks (VPNs), to provide secure remote access.[3]

  • Cyber Security Skill:

“That the Cyber Security Skill (CSS) has a significant effect on the perceived need for action to mitigate cyber misuse”

The above hypothesis holds true. As stated by the experts of cyber cell department, once there is command and control over the technology, there are no grave challenges to tackle cyber crime. The technology has both pros and cons and it is up to us who efficiently we can use it for the betterment of the society. The number of detection of cyber attacks or the detection of signals of cyber attacks have increased and had reduced the many attacks at the source. Skill is required for both to carry out the crime as well as to secure and reduce the crime. Hence, Cyber Security Skills has a significant effect to reduce the misuse of internet.

Moreover, initiatives of creating awareness among people and students by providing easy guide to cyber protection by Government, introduction of Cyber security subject in syllabus, by messages and emails to not share vital information to anyone of either your bank or personal details. These all methods have created awareness in the society and made public aware about the appropriate use of internet.

  • Suggestions and Conclusions:

The researcher proposes the following suggestions:

  • A more successful long-term strategy is required to make more transparent transactions and data flow trails across the internet. Using policy, that targets individuals and the illicit exchange of information alone will not provide an adequate solution. Requesting the closure of certain bandwidth providers do not correct the underlying problem, as many of the sites will disappear to avoid detection and quietly transfer to other providers.
  • Sting operations can be set up where either hidden websites are created or an account is created on an existing one and illegal transaction can be conducted. If a buyer is purchasing a physical item, an address must be given and law enforcement can simply arrive at the buyer’s doorstep once the package arrives. Timing correlation attacks can also be done where by looking at the time a request moves through the initial server and matching it with the time a request moves out the final server and towards the hidden site. If the times match up that a specific user was accessing a specific site.

There are two priorities-

  • to ensure that existing cyber crime policies operate in a joined-up manner across national boundaries to tackle criminal activity.
  • to correct the current disconnection between legislation at the national, regional and international levels.

Co-operative policies, that can be developed, include:

  • Companies and organizations being required by law to disclose security breaches.
  • Banks being instructed to co-ordinate their security responses and ensure their security contractors share information.
  • National governments should co-ordinate their police focus on specific areas of cybercrime, such as bot-nets, dissident exchange, etc.
  • Cybercrime should be treated as an illegal industry and its activities such as money laundering to be targeted.

There is a need to pool resources together, that’s the way forward. Also, there should be stronger relationships between the private sector, law enforcement and the courts to ensure that all the legal authorities that exist can be brought to bear against cyber attackers. It is important that transparency and openness relating to data transactions is encouraged at industry and governmental level. In addition, governments need to carefully consider and co- ordinate policy development to enable them to co-operate in overcoming the emerging challenges of the internet.


[1] Pavan Duggal, Cyber Law 3.0(2nd edn, Universal law Publishing 2018).

[2] Cyber Space And The Law- Issues And Challenges,Ranbir Singhand Ghanshyam Singh(Nalsar University 2006)

[3] B. Venkataram And Karun Gupta, ‘Cyber-Security- Its Effect On National Security And International Relations(2016)< http://docs.manupatra.in/newsline/articles/Upload/DF00C465-AB53-4F85-8027-F1D7E6E62D14.2-F__cyber%20laws.pdf> accessed on 7 March 2019

Share.
Leave A Reply

Exit mobile version