CYBER TERRORISM: IS INDIA SITTING ON A TIME BOMB?

INTRODUCTION

As per a report submitted by Congress Research Service to the United States Congress, “the
terrorists are exhibiting a similar level of web knowledge as by US government agencies.”

Information is power and information technology is a double-edged sword, which can be used
for destructive as well as constructive work. The collective past & present of nations have
enough evidence to showcase that technology has been used for illegitimate appropriation of
funds, as a tool to aid in criminal practices, and more recently to take forms of derisory discourse
into a virtual arena.

Times have changed from when the security of a nation was reliant on the integrity of it’s
borders and its institutions. At present, with technology easing our lives in every format and
connecting everything to the internet, the terrestrial distance between adversaries has become
irrelevant because everyone is a next-door neighbor in cyberspace. It is a complex and
multidimensional problem against which no degree of technical superiority is likely to suffice.

India, a nation with more than a billion of its population present on and using internet is one of
the countries which can be worst affected in case of a cyber-terrorist attack. With most of its
institutions ditching manual processes and placing complete reliance on electronic machines,
India is emerging as a lucrative destination for cyber terrorists to create havoc by paralyzing the
economic and financial institutions, creating an unsalvageable crumble. What's more, the most
startling idea is the incapability of proportional courses of action or the nonattendance of options.

It was only the severity of the mechanism used in the 26/11 which lead the Indian Government to
spring into action, and amendments were introduced in the Information Technology Act, 2000.
Though steps are being taken by the Government to improve India’s cyber-security, the cyber-
attacks happening in India, as well as the rest of the world, makes an important revelation that as
in the 21st-century wars will be fought on the internet and in cyberspace rather than in the real
world.
In light of the above, this article attempts to analyze India’s preparedness against cyberterrorism
and how the latter imposes a real threat to the national security and critical infrastructure of the
country.

EXISTING CYBER SECURITY MEASURES IN INDIA

The term cyberterrorism basically denotes convergence of terrorism and cyber space.
Internationally, there was some serious shaking with the happening of the 2007 cyber-attack on
Estonia which literally paralyzed the whole economy of the country including stock exchange,
banking system and health care etc. The incident pulled a lot many countries from their slumber
while they realized the potential of a terrorist attack based on technology. But, in India it was the
detailed analysis of the 26/11 attack, leading to astounding revelations in terms of its planning
and execution that played a pivotal role in formally giving legal recognition to the problem of
cyberterrorism. Additionally, as per government records, there has been a massive spike in
cybercrime cases and of Indian websites being hacked. Presently the following measures exist in
India for dealing with cyberterrorism:

a. Indian Computer Emergency Response Team (Cert-In): Cert-In is the most important
constituent of India's cyber community. Devised under section 70B of the Information
Technology Act, 2000, it mandate, that states ensure security of cyberspace in the country by
enhancing the security communications and information infrastructure, through proactive action
and effective collaboration aimed at security incident prevention and response and security
assurance.

b. National Information Board (NIB): An apex body comprising of representatives from relevant
departments and agencies that form part of the critical minimum information infrastructure in the
country. This body is responsible for drafting the policy in pertinence to national information
security and is headed by the National Security Advisor.

c. National Information Security Assurance Program (NISAP): The NISAP program makes it
mandatory for organizations to implement security control and report any security incident to
Cert-In. Further, it also requires government and other critical infrastructures to have a security
policy.
d. National Information Infrastructure Protection Centre (NIIPC): NIIPC works as a foremost
agency in protecting the critical information infrastructure in the country. It gathers intelligence
and keeps a watch on emerging and imminent cyber threats in strategic sectors including national
defense.

e. Cyber Security Policy, 2013: This policy laid down the broad framework for upholding and
protecting cyberspace security. The main aim of this policy was to create a broad umbrella of
cyber security framework in the country so that the Indian cyberspace is secure from attacks by
terrorists and other anti-social elements. However, the new policy, National Cyber Security
Policy 2020 will build upon the previous policy and will additionally emphasize cyber security
awareness and hygiene.

f. Protection against malware: The central government has launched Cyber Swachhta Kendra
(Botnet Cleaning and Malware Analysis Centre) for detecting malicious programs and provides
free tools to remove them.

ANALYSIS: THREAT TO NATIONAL SECURITY & CRITICAL INFRASTRUCTURE

Although the above measures have been appreciated and welcomed towards combating
cyberterrorism in India there still exist multiple concerns in regards to their effectiveness and
implementation.

Firstly, there is an absence of stringent penal provisions in these policies which can deal with the
non-implementation of the required cybersecurity mechanism by requisite stakeholders. It is
imperative that entities which are in control of the critical information infrastructure in India be
held liable for any kind of security breach that leads to financial or physical damage. Secondly,
the lack of any formal pursuance from the government towards the stakeholders, specifically
private institutions for fulfilling all the technological and computer network security
requirements inherently raises questions on whether it is implemented in reality.

Thirdly, a major concern is in regards to the inability of the policy for providing a directional
discourse to the relevant stakeholders for the protection of critical infrastructure when faced with
a cyber-intrusion. None of the steps provide detailed parameters for the same, neither any checks
& balances have been put to overlook the proper implementation of the policies and send regular
reports regarding the same to the government. Fourthly, there is a lack of standardization of
policy procedures since various states are on different planes in terms of the implementation with
some even yet to start.

Fifthly, the approach of the Indian Government towards cyberterrorism is more of mitigation
rather than adaptation. With technology developing at the speed of light, it has become necessary
to invest adequate funds to conduct research and create institutional mechanisms to become a
cyber-threat resilient state. Law is usually behind technology but with the risk being so high it
can no longer afford to and needs to keep pace with it.

Lastly, national security & critical infrastructure are intrinsically dependent on both public &
private sectors and a lack of trustee partnership between the two will never lead to the successful
prevention of cyber terror. The private sector apart from being involved in multiple government
projects is also in possession of data of millions of Indian nationals and, therefore it becomes
vital for the government to involve the private sector in all its policy-making initiatives.
Proactive engagement with private sector stakeholders such as service providers, websites
hosting user-generated content, and internet search engines will play an important role in
controlling the availability of terrorism-related content disseminated via the Internet.

The anonymity provided by the internet is perhaps both its best and worst feature with the latter
almost over-shadowing the former as the law enforcement faces a hard time in enforcing laws
governing and deterring cyberterrorism. With the Global Terrorism Index 2019 regarding India
as a high-risk terrorist zone and terrorists becoming adept with even complex technologies, a
cyber-terrorist attack may just be looming around the corner for India. Hackers and even foreign
governments have developed the ability to launch sophisticated intrusions into the networks and
systems that control critical civilian infrastructure. There are multiple reports stating that terrorist
organizations are actively working on building cyber armies to conduct cyber warfare against
their targets. The assistance given by technology to the terrorists for carrying out Pathankot
incident and 26/11 attack was just a nudge compared to the havoc that technology is capable of
causing in the present.

CONCLUSION
The 21st century has seen a significant advancement in terms of usage of technology by terrorists
and utilizing it for expanding their outreach, networking, and targeting their enemies. Using the
internet as a weapon of terror is inexpensive, anonymous, and global. At the same time, India is
becoming more reliant on technology to control critical infrastructure, both physical and
informational. Therefore, it is vital to establish necessary facilities across the country for
keeping a check on the virtual world. As the technology evolves by every minute, a culture of
continuous cyber education and learning must be inculcated amongst the legal fraternity to keep
pace with it.

Further, with internet security being a global problem and cyberterrorism increasingly being a
worldwide nuisance, international cooperation is the need of the hour. Cyberspace being a
burgeoning area, there must be coordination, cooperation, and uniformity of legal measures
among all nations concerning it. Further, public awareness ought to be created regarding the
perils of cyberterrorism to generate consciousness in the minds of the citizenry and encourage
them to participate actively to weed out cyberterrorism. All these measures can go an extended
way in establishing a secure cyber environment in the country and will prevent reliance on
outdated measures allowing India to effectively tackle the threats of cyberterrorism.

Conclusively, as India awaits the launch of its new Cyber Policy, it will be interesting to see if
we have really learned any lessons from the past and are prepared to protect ourselves from an
invisible and borderline invincible enemy.