India needs a dedicated cyber security law: Pavan Duggal

India needs a dedicated cyber security law: Pavan Duggal

India needs a dedicated cyber security law: Pavan Duggal

India is under threat and is totally unprepared to meet the cyber security challenges in the era of rapid digitisation.

Large-scale digitisation and the challenges ahead.

The golden age of cybercrime has also begun with covid-19 and India has suddenly seen the proliferation of the Jamtara model of cyber crimes that has mushroomed into a cottage industry. Unfortunately, there is no legal framework to counter this proliferation. The recent ransomware attack on AIIMS is a classical example of this. 

The initiatives taken by the government to make life easy in terms of payments and other services moving ahead, there are immense amounts of challenges and the biggest of them is cyber security.

Existing Indian laws to curb cyber threats and fraud.

The Indian Information Act 2000, the only act in place today, is not effective at all. The Act was enforced two decades back and it was aimed at enabling e-commerce in the IT sector. It granted legality to electronic format and was not enough to drive the digital India Initiative into the future. Even though the amendments were made in 2008, it was a mistake to make all cybercrimes bailable offenses. 

There is no law to deal with issues pertaining to social media, Artificial Intelligence, blockchain and many other internet-related things. But with appropriate amendments, the law can be made potent!

Are we armed to tackle the emerging threats of the cyber age?

We must acknowledge that every 11 seconds, a company, an organization or an individual is becoming a victim of a ransomware attack, In fact, the AIIMS attack is one of the biggest cyber assaults on India targeted at the Indian health ecosystem.

We don't have a legal framework yet to deal with ransomware assaults. The IT act is silent on it and India does not have a dedicated law on cybersecurity. 

All networks — from Mumbai grid, Kudankulam Nuclear Power Station, government websites or corporates and even individuals — are under attack. Countries like China, Vietnam, Singapore, and Australia have dedicated laws which are helping them to deal with cyber security challenges.

The Digital Personal Data Protection Bill of 2022.

  • Primarily, it is not dealing with the complex issue of data protection in a holistic manner. 

  • The said legislation has been drafted in a siloed approach. 

  • No Data Protection is complete or possible without appropriately addressing cyber security. 

  • The bill is silent on data security.

  • It's a laid-back process. 

  • It’s coming up with challenges and is in conflict with the mother bill — the Indian IT Act 2000.

  • Indian IT Act 2000, The bill entirely negates the concept of data localisation. If this bill is passed in its current form, it will have a huge detrimental impact not just the cyber sovereignty but also on the security and integrity of India. 

  • Cybercrime, including phishing, identity theft and fraud, has massively increased in the past one year. However, its coverage under the existing laws is neither adequate nor comprehensive.

  • Share