LOK SABHA SECRETARIAT

PARLIAMENT LIBRARY AND REFERENCE, RESEARCH, DOCUMENTATION

AND INFORMATION SERVICE (LARRDIS)

MEMBERS’ REFERENCE SERVICE

REFERENCE NOTE.
No.34/RN/Ref./October/2015
For the use of Members of Parliament Not for Publication

CYBER SECURITY

-------------------------------------------------------------------------------------------------------------------------------
The reference material is for personal use of the Members in the discharge of their Parliamentary duties, and is not
for publication. This Service is not to be quoted as the source of the information as it is based on the sources
indicated at the end/in the text. This Service does not accept any responsibility for the accuracy or veracity of the
information or views contained in the note/collection.
 CYBER SECURITY

INTRODUCTION

The word "Cyber" refers to anything relating to computers, information technology

and/or virtual reality. The "Cyberspace" comprises of computer systems, computer networks
and Internet, Local Area Networks and Wide Area Networks, servers, desktops, laptops,
Personal Digital Assistants (PDAs), mobile computing platforms etc. The "Cyber Security"
refers to set of activities and measures, technical and non-technical, intended to protect
computers, computer networks, related hardware and devices software, and the information
they contain and communicate, including software and data, as well as other elements of
cyberspace, from all threats, including threats to the national security.

The emergence of the Internet led to the evolution of cyberspace as a fifth domain of
human activity and in last two decades, Internet has grown exponentially worldwide. India too
has witnessed significant rise in cyber space activities and it has not only become one of the
major IT destinations in the world but has also become the third largest number of Internet
users after USA and China. Such phenomenal growth in access to information and
connectivity has on the one hand empowered individuals and on the other posed new
challenges to Governments and administrators of cyberspace.

Cyber space has unique characteristics viz. anonymity and borderless, coupled with
enormous potential for damage and mischief. This characteristics not only adds to the
vulnerabilities but also makes cyber security a major concern across the globe since it is
being exploited by criminals and terrorists alike to carry out identity theft and financial fraud,
conduct espionage, disrupt critical infrastructures, facilitate terrorist activities, steal corporate
information and plant malicious software (malware) and Trojans. The emergence of cloud
and mobile technology has further complicated the cyber threat landscape. All this makes
cyber security an issue of critical importance with profound implications for our economic
development and national security1.

1 nd
Lok Sabha, Standing Committee on Information and Technology, 52 Report on Cyber Crime, Cyber Security and Right to
Privacy, February 2014, p. 1
 2

CYBER CRIME

Significant increase in cyber space activities and access to internet use in the country
has resulted in increased opportunities for technology related crime. Coupled with this, lack of
user end discipline, inadequate protection of computer systems and the possibility of
anonymous use of ICT – allowing users to impersonate and cover their tracks of crime, has
emboldened more number of users experimenting with ICT abuse for criminal activities. This
aspect, in particular, has a significant impact in blunting the deterrence effect created by legal
framework in the form of Information Technology Act, 2000 and other well-intended actions of
enhancing cyber security in the country. As a result, today Indian cyber threat landscape, like
other parts of the world, has seen a significant increase in spam & phishing activities, virus
and worm infections, spread of bot infected systems. The rate of computer infections and
spam & phishing activities in the country keep fluctuating, making India figure among the
active sources, as is generally seen in developed economies with high rate of IT usage.

The various modes of occurrence and prevention of types of cyber-crimes

existing/emerging around the world and in our country has been described in following
table2:
Sl. No. Type of Definition Mechanism in How it can be prevented/tackled
Cyber which it is
Crime carried out Legal Technical and
Measures as other Measures
per Sections
Relevant in
Information
Technology
Act, 2000 and
Amendments
1 Cyber Stealthily By using Section 43, 66. Not disclosing
Stalking following a electronic (Compensation personal information
person, communication, and on Internet, chat, IM
tracking his such as punishment of and interacting over
internet chats. e-mail instant three years electronic media with
messaging(IM), with fine) known people only.
messages Taking up the matter
posted to a with concerned
Website or a Service Providers in
discussion stopping cyber
group. stalking activities.

2
Ibid, pp. 5-7
 3

2 Intellectual Source Code Accessing Section 43, 65, Strong authentication

Property Tampering source code or 66. and technical
Crime etc. such type of (Compensation measures for
material and and prevention of data
stealing or punishment of leakage
manipulating the three years
code etc. with fine)
3 Salami Deducting By means of Section 43, 66 Strong
Attack small amounts unauthorized (Compensation authentication
(Theft of from an access to And Measures for
data or account source punishment accessing the data
manipulating Without code of of three years) and securing the IT
coming software infrastructure
banking in to notice to application and involved
account) make big databases
amount
4 E-Mail Flooding an Bulk email Section 43, 66 Implementing anti-
Bombing E-mail box generation to (Compensation Spam filters
with target specific And
innumerable email account punishment
number of by using of three years)
E-mails to automated
disable to tools
notice
important
message at
times.

5 Phishing Bank Financial Using social Section 43, 66, Immediate take-
Frauds in engineering 66C down of phishing
Electronic techniques to (Compensation websites.
Banking commit identity and Strong
theft punishment of authentication
three years mechanisms for
with fine) financial and
electronic banking.
User awareness on
phishing attacks.
Keeping the
computer systems
secure being used
for transacting with
the financial

6 Personal Stealing Compromising Section 43, Safeguarding the

Data Theft personal data online personal 43A, 72A online data and
data, email (Compensation personal computer
accounts and and systems
computer punishment of
systems three years
with fine)
 4

7 Identity Stealing Hacking the Section 43 Safeguarding of

Theft Cyberspace personal identity (Compensation personal identity
identity information or and information, securing
information of employing punishment of the personal
individual phishing three years computer systems,
techniques with fine) awareness on
preventing identity
theft and adopting
safe internet
practices
8 Spoofing Stealing Using tools and Section 43, 66 Safeguarding the
Credentials other (Compensation credentials and
using, friendly manipulative and implementing anti-
and familiar techniques punishment of spoofing measures
GUI's three years
with fine)
9 Data Theft Stealing Data Hacking of Section Securing the
computer Provisions computer systems,
systems and under 43, 43A, implementing data
using 65, 66 and leak prevention
Malicious 72(Compensati measures and
methods on and creating user
punishment of awareness
three years
with fine)
10 Worms Different Different Section 43, 66 Securing computer
Trojan Hacking methods to (Compensation systems, installing
Horses, mechanisms install and and anti-malware
Virus etc. propagate punishment of systems and
malicious code three years creating user
with fine) awareness.
11 Sabotage Taking control Compromising Section 43, 66 Securing computer
of of computer the computer (Compensation systems and
Computer with the help systems and deploying anti-
of malware. punishment of malware solution
three years
with fine)
12 DOS,DDOS Flooding Generating flood Section 43, 66, Implementing DOS,
Demat of a computer traffic from 66F DDOS prevention
Service with Denial of thousands and (Compensation systems
Service Millions of (up to life
Attacks, compromised imprisonment
DDOS is computers using under 66F)
Distributed automated tools
DOS attack and techniques

13 Web Web Pages Compromising Section 43, 66 Securing the

Defacing Defacing the websites and (Compensation websites and the IT
adding or and infrastructure used
manipulating the punishment of for hosting and
web pages with three years Maintaining the
some messages with fine) websites
 5

14 Spam and Unsolicited Sending Section 43, Deploying the anti-

spoofing E-mails unsolicited 66A, 66D spam and anti-
emails through (Compensation spoofing solution at
Manual and and email gateways
automated punishment of
techniques three years
with fine)
15 Publishing Publishing Publishing or Section 67 Taking down of
or Obscene in transmitting the (Punishment of obscene materials
transmitting Electronic obscene content over three years over electronic
obscene Form electronic with fine) media
material
media like
websites, social
networking sites etc.

16 Pornography Publishing or Publishing Section 67A Taking down of

transmitting pornographic (Punishment of pornographic
material material over five years with material publishing
containing electronic media fine) websites/web-pages,
sexually like websites, online media etc.
explicit act social networking
sites etc.

17 Child Publishing Publishing Section 67B Taking down of

Pornography Obscene in pornographic (Punishment of pornographic
Electronic material five years with material publishing
Form involving involving children fine) websites/web-pages,
children over electronic online media etc.
media like
websites, etc.
18 Video Transmitting Transmitting Section 66E Taking down of such
Voyeurism Private/ Private/Personal (Punishment of content as available
and Personal s on Videos on three years over internet and
violation of internet and Internet and with fine) transmitted through
privacy mobiles mobiles mobiles.

19 Offensive Communication Sending or Section 66A Taking down of

messages of offensive Publishing the (Punishment of offensive messages
messages offensive three years from electronic
through messages over with fine) media and creating
computer/ electronic media user awareness on
phone like email, safe internet
websites and practices
social media

20 Hacking of Protection of Hacking the Section 70 Securing the

Protected Information computer (Punishment of computer systems
Systems Infrastructure systems by using ten years with and related
various methods fine) infrastructure,
creating user
Awareness and
training of system
administrators
 6

INCIDENTS OF CYBER CRIMES

Indian cyber space has witnessed significant rise in cyber-attacks/fraud, massive

probing and targeted attacks on IT assets are being reported. The Indian cyberspace is also
being used to host Command and Control Servers in the data centres. Attempts have been
noticed to attack telecom infrastructure particularly, the routers and Domain Name System
(DNS). There have been cyber attacks on the Government, public sector and private sector
IT infrastructures like website defacements, intrusions, network probing, and targeted attacks
to steal some information, identity theft (phishing) and disruption of services. About 300 end
user systems on an average are reported to be compromised on a daily basis. More than
100,000 viruses/worms variants are reported to be propagated on the net on a daily basis, of
which 10,000 are new and unique3.

As per the Cyber Crime data maintained by National Crime Records Bureau (NCRB),
incidence of cyber crimes (IT Act + IPC sections + SLL crimes) have increased by 69.0% in
2014 as compared to 2013 (from 5,693 cases in 2013 to 9,633 cases in 2014). A total of
2876, 4356 and 7201 Cyber Crime cases were registered under Information Technology Act,
2000 during 2012, 2013 and 2014 respectively. A total of 601, 1337 and 2282 cyber crime
cases were registered under Cyber Crime related sections of Indian Penal Code (IPC) during
2012, 2013 and 2014 respectively4. (See Annexure)

CHALLENGES
The cyber threat landscape is dynamic and evolving with innovative
technologies, techniques and actors and offenders are well versed with technology
and they are exploiting the lack of situational awareness of defenders. Cyber threats
like espionage and Denial of Service (DoS) attacks to offensive actions by adversarial
State and Non-State actors. Several countries are developing sophisticated malicious
codes as lethal cyber weapons. Large scale mapping of SCADA (Supervisory Control
and Data Acquisition) devices using specialized tools, pose major challenge for any
country.

3
Ibid, p. 8
4
Rajya Sabha Unstarred Question No. 1815, dated 5.8.2015
 7

The Department of Electronics & Information Technology (DeitY) has outlined

the following as the main issues and challenges observed in the cyber space:-
 Lack of adequate human resource to tackle the challenge (Auditors, Experts,
Skill development in IT)
 Infrastructure and Research and Development to secure Cyber Space
 Budgetary allocations to tackle the Cyber threats
 Threat emerging from servers hosted outside India
 Challenge posed by imported electronics/IT products
 Upcoming technology viz. Cloud Computing, Big data, Internet of Things(IoT)
etc.
 Balance between Cyber Security and Right to Privacy
 Expanding role and implementation of Information Technology across all
sectors in the country
 Growth in volume and complexity of Information Technology ecosystem in the
country
 Growth in volume of transactions and sensitive data exchange
 Rapidly changing security and threat landscape
 Difficulty in tracing origin of attack
 Need for reducing cyber security risk exposure of IT infrastructure and
ecosystem in the country
 Responsibility to ensure that proper processes, technology, governance
structure and compliance to laws and regulatory requirements are followed in a
borderless environment
 Defending borderless environment poses challenges which are dynamic in
nature5.

GOVERNMENT INITIATIVES
Cyber security requires a coherent conceptualization, clear vision of purpose and
objectives and a time bound plan of action. Formulation of a national approach involves using
elements of national power including political, economic, military and technological
capabilities during peace and war to achieve national objectives.

The Government has adopted an integrated; multi pronged strategy covering aspects
such as technical, administrative, legal and people steps to protect the cyber space6.

5 nd
Op.cit., 52 Report on Cyber Crime, p. 13
6
Ibid, p.34
 8

The major initiatives taken by the Government are as under:

 National Cyber Security Policy, 2013 (NCSP-2013)

The Government of India had formulated a National Cyber Security Policy whose stated
mission is "to protect information and information infrastructure in cyber space, build
capabilities to prevent and respond to cyber threats, reduce vulnerabilities and minimize
damage from cyber incidents through a combination of institutional structures, people,
processes, technology and cooperation". It seeks to do so by creating a secure cyber
ecosystem and an assurance framework, encouraging open standards, strengthening the
regulatory framework, vulnerability management, promotion of research and development
in cyber security and enhancing our technical skill sets and human resources.

In support of the National Cyber Security Policy, key cyber security projects, viz.,
National Cyber Coordination Centre (NCCC) and Botnet Cleaning & Malware Analysis
Centre, have been identified for implementation with a view to securing the cyber space in
the country and creating a secure cyber ecosystem7.

 Cyber Crisis Management Plan (CCMP)

Department of Electronics & IT (DeitY) formulated a Cyber Crisis Management Plan
(CCMP) for Countering Cyber-attacks and Cyber-terrorism.. The purpose of the CCMP is
to establish the strategic framework and actions to prepare for, respond to and begin to
coordinate recovery from a cyber incident. It is updated periodically to take into account
changing scenario of cyber threat landscape. The 2015 version of CCMP has been
released and has been circulated to all the key Central Government
Ministries/Departments/ States/UTs and other critical sector organizations including
Telecommunication service providers8.

 Information Technology Act, 2000

The IT Act, 2000 addresses all aspects related to cyber space in a comprehensive
manner with adequate compliance and deterrent provisions. There are number of
provisions in the Information Technology Act, 2000 which deal with various aspects of
actions in the cyber space. Section 43, Section 43A and Section 72A of the Information

7
Rajya Sabha Starred Question No. 177, dated 13.3.2015
8
Rajya Sabha Unstarred Question No. 2155, dated 7.8.2015
 9

Technology Act, 2000 provides a legal framework for protection of Privacy and Security of
data in digital form. Section 70 provides for declaration of any computer resource which
directly or indirectly affects the facility of Critical Information Infrastructure, to be a
protected system. Section 70A provides for establishment of a National Critical
Information Infrastructure Protection Centre (NCIIPC) as a national nodal agency in
respect of Critical Information Infrastructure Protection. Section 65, 66, 66A, 66B, 66C,
66D, 66E, 66F, 67, 67A and 67B contain provisions for deterrent punishment against host
of cyber related offences.

In addition, Section 70B and Section 69B of the IT Act provide for seeking information and
collection of data/information related to cyber incidents. These provisions help in security
incidents prevention and prediction. Section 84 A allows for prescription of suitable modes
or methods of encryption for promotion of secure e-commerce and e-governance in the
country. Separate rules for cyber cafes help in regulating the malicious activities that can
be carried out in cyber cafes and provide a mechanism to prevent and deal with instances
of cyber crime in an effective manner9.

 Indian Computer Emergency Response Team (CERT-In)

CERT-In is a functional organisation with the objective of securing Indian cyber space.
CERT-In creates awareness on security issues through dissemination of information on its
website and operates 24x 7 incidence response Help Desk. CERT-In provides Incident
Prevention and Response services as well as Security Quality Management Services.

CERT-In has been designated under Section 70B of the Information Technology
(Amendment) Act, 2008 to serve as the national agency to perform the following functions
in the area of cyber security:
• Collection, analysis and dissemination of information on cyber incidents
• Forecast and alerts of cyber security incidents
• Emergency measures for handling cyber security incidents
• Coordination of cyber incident response activities
• Issue guidelines, advisories, vulnerability notes and whitepapers relating to information
security practices, procedures, prevention, response and reporting of cyber incidents
• Such other functions relating to cyber security as may be prescribed 10

9
Rajya Sabha Starred Question No. 177, dated 13.3.2015
10
India, Department of Electronics and IT, Ministry of Communication and IT, Annual Report 2014-15, pp. 57-58
 10

 Role of Government Departments/Organisations

 NCSC: National Cyber Security Coordinator, in the National Security Council Secretariat
(NSCS) – PMO, is a recently created post with prime responsibility of coordinating cyber
security matters at the national level.
 MHA: Ministry of Home Affairs, through Intelligence and Law Enforcement Agencies under
its purview, has the responsibility of coordinating with different department and agencies for
national security matters, including cybersecurity, and acts as nodal agency for internal
security matters, intelligence, cyber forensics, investigation, etc.
 MEA: Ministry of External Affairs articulates Indian position on cybersecurity matters in
international fora and conferences, including bilateral and multilateral dialogues. Cyber
diplomacy is a key area for every nation in view of cyberspace being viewed as global
commons.
 MoD: Ministry of Defence is the nodal ministry for all wings of defence forces in India.
MoD, IDS (DIARA), formed under the aegis of Headquarters, Integrated Defence Staff, is
the nodal tri-Services agency at the national level to effectively deal with all aspects of
Information Assurance and operations. It has also formed the Defence CERT where
primary function is to coordinate the activities of services/MoD CERTs.
 DoT: Department of Telecommunications (DoT) will co-ordinate with all Internet Service
Providers (ISPs) and other service providers with respect to cyber security incidents and
response actions as deemed necessary by CERT-In, National Technical Research
Organisation(NTRO), MoD, Intelligence Bureau and other Government Agencies. DoT will
provide guidelines regarding roles and responsibilities of Private Service Providers and
ensure that these Service Providers install GIS based system to track the critical optical
fibre networks and arrangements of alternate routing in case of physical attacks on these
networks.

 Cyber Appellate Tribunal (CAT)

In accordance with the provision contained under Section 48(1) of the IT Act 2000, the
Cyber Regulations Appellate Tribunal (CRAT) has been established in October, 2006. As
per the IT Act, any person aggrieved by an order made by the Controller of Certifying
Authorities or by an Adjudicating Officer under the Act can prefer an appeal before the
Cyber Appellate Tribunal (CAT). This Tribunal is headed by a Chairperson who is
appointed by the Central Government by notification as provided under Section 49 of the
IT Act 200011.

 Security Awareness, Skill Development and Training

Activities to train the judiciary utilizing the Cyber Crime investigation training Labs set up
in the states of Northeast were continued and more than 200 judges and judicial officers
in the states of Assam and Meghalaya were trained with regard to Cyber crime forensic
and legal aspects.

11
Ibid, p. 60
 11

So far the projects have been initiated for (i) establishment of cyber security training
facility for Uttarakhand Police, (ii) Setting up of National Digital Crime Resource and
Training Centre at SVP National Police Academy, Hyderabad, (iii) Enhancement of cyber
forensic training lab for advanced training and capacity building in North East states, (iv)
Creation of mass cyber security awareness through training and campaign mechanism in
North East states and (v) Conducting Cyber crime awareness workshops for law
enforcement agencies.

CERT-In is regularly conducting trainings / workshops to train officials of Government,

critical sector, public/industry sectors, financial & banking sector and ISPs on various
contemporary and focused topics of Cyber Security12.

 International Collaboration
Security Co-operation is in progress between US-CERT and CERT-In for cyber security
incident resolution, information exchange and capacity building. CERT-In is collaborating
with overseas CERTs such as US-CERT, JP-CERT and Korean-CERT for incident
response and resolution. CERT-In in association with Ministry of External Affairs is
working to collaborate bi-laterally and Multi-laterally for enhancing cooperation in the area
of Cyber Security. Memorandum of Understandings (MoUs) are in place with Product and
Security vendors for vulnerability remediation.

 Digital India
In tune with the dynamic nature of Information Technology, continuous efforts are required
to be made to prevent and recover from cyber attacks. The Government of India under the
flagship programme of “Digital India” has a vision of providing digital infrastructure as a
utility to every citizen in safe and secure cyberspace. Digital Locker system has been
implemented, which envisages provision of private space on a public cloud to each citizen
where he/she can keep public records and can even exchange it for availing various
services. Digital Locker implements secure authentication mechanism to prevent leakage
of data through Cyber attacks. Further, eSign framework enables citizens to digitally sign
a document online using Aadhaar authentication13.

12
Ibid, pp. 59-60
13
Lok Sabha Starred Question No. 233, dated 5.8.2015
 12

In addition to the above major initiatives, the Government has also taken the following
specific measures to deal with cyber threat :

i). National Policies on IT, Telecom and Electronics: ‘Triad Policies’ came out in
2011 and lay down requirements for addressing cyber security concerns across
respective domains.

ii). Draft IoT (Internet of Things) policy: Released by DeitY in October 2014 to solicit
inputs from the industry and others on cyber security concerns in the IoT ecosystem.

iii). The Government has set up National Critical Information Infrastructure

Protection Centre (NCIIPC) to protect the critical information infrastructure in the
country.

iv). All government websites are to be hosted on infrastructure of National Informatics

Centre (NIC), ERNET India or any other secure infrastructure service provider in the
country.

v). All Central Government Ministries / Departments and State / Union Territory
Governments have been advised to conduct security auditing of entire Information
Technology infrastructure. All the new government websites and applications are to
be audited with respect to cyber security prior to their hosting. CERT-In provides
necessary expertise to audit IT infrastructure of critical and other ICT sectors.

vi). Indian Computer Emergency Response (CERT-In) has empanelled a total no. of 51
security auditors to carry out security audit of the IT infrastructure of Government,
Public and Private sector organizations.

vii). All major websites are being monitored regularly to detect malicious activities.

viii). Close watch is kept to scan malicious activities on the important networks in the
Government, Public and Service Providers.

ix). The Government has circulated cyber security policies and guidelines for
implementation by all Ministries/Departments.

x). Sectoral CERTs have been functioning in critical sectors such as Defence, Finance
and Power for catering to critical domains. They are equipped to handle and respond
to domain specific threats emerging from the cyber systems.

xi). Steps have been taken up for development of cyber forensics tools, setting up of
infrastructure for investigation and training of the users, particularly police and judicial
officers in use of tools to collect and analyze the digital evidence and present them in
Courts.

xii). India has been recognized as 'Certificate Issuing Nation' in the area of cyber security
testing under the Common Criteria Recognition Arrangement (CCRA). Under this
 13

arrangement, the certificates issued by India will be recognized internationally. This

recognition will help country to setup chain of test centres for testing of IT products
with respect to cyber security.

xiii). Cyber Crime Cells have been set up in States and Union Territories for reporting
and investigation of Cyber Crime cases.

xiv). The Government has set up cyber forensic training and investigation labs in the
States of Kerala, Assam, Mizoram, Nagaland, Arunachal Pradesh, Tripura,
Meghalaya, Manipur and Jammu & Kashmir for training of Law Enforcement and
Judiciary in these States.

xv). In collaboration with Data Security Council of India (DSCI), NASSCOM, Cyber
Forensic Labs have been set up at Mumbai, Bengaluru, Pune and Kolkata for
awareness creation and training programmes on Cyber Crime investigation. The
National Law School, Bengaluru and NALSAR University of Law, Hyderabad are also
engaged in conducting several awareness and training programmes on Cyber Laws
and Cyber Crimes for Judicial Officers.

xvi). More than 26000 Police Officers and 600 judicial officers have so far been trained in
the Training Labs established by the Government.

xvii). The Government of India has notified its Email Policy for all government officials both
at Centre and State level.

xx). CERT-In and Centre for Development of Advanced Computing (CDAC) are involved
in providing basic and advanced training to Law Enforcement Agencies, Forensic labs
and judiciary on the procedures and methodology of collecting, analysing and
presenting digital evidence.

xxi). CERT-In also conducts training programmes regularly to Chief Information Security
Officers, System Administrators, Network Administrators of different organizations in
Public and Private Sector in relevant areas of Cyber security such as vulnerability
assessment, advanced Cyber threat detection and mitigation, mobile security and
latest cyber security technologies to build capacity at organization level leading to
Cyber Intelligence skills

xxii). Government has also taken steps to put in place a Framework for Enhancing Cyber
Security, which envisages a multi-layered approach for ensuring defence-in-depth
with clear demarcation of responsibilities among the stakeholder organizations in the
country14.

14
Rajya Sabha Question No. 2155, dated 7.8.2015
 14

CONCLUSION
Cyber Security is a multi-dimensional concept, a complex issue straddling many
disciplines and fields. Nations have to take appropriate steps in their respective jurisdictions
to create necessary laws, promote the implementation of reasonable security practices,
incident management, and information sharing mechanisms, and continuously educate both
corporate and home users about cyber-security. It, therefore, calls for a strategic and holistic
approach requiring multi-dimensional and multi-layered initiatives and responses at national
and global level15.

15
NASSCOM Cyber Security Task Force, Data Security Council of India, 2015
 Annexure
State/UT wise cases registered and percentage variation under IT Act, related section of IPC and SLL crimes under Cyber Crime during 2012-2014
State/UT 2012 2013 2014#
Total Total Total Cyber PVAR Total Total Total Cyber PVAR Total Total Total SLL Total Cyber PVAR
Offences Offences Crime Offences Offences Crime Offences Offences Offences Crime
under IT Act under IPC Offences under IT Act under IPC Offences under IT Act under IPC Offences

Andhra Pradesh 429 25 454 22.0 635 16 651 43.4 171 74 37 282 -56.7
Arunachal Pradesh 12 0 12 -14.3 10 0 10 -16.7 14 4 0 18 80.0
Assam 28 0 28 -9.7 154 0 154 450.0 379 0 0 379 146.1
Bihar 23 7 30 -21.1 23 116 139 363.3 114 0 0 114 -18.0
Chhattisgarh 49 10 59 -24.4 91 10 101 71.2 106 15 2 123 21.8
Goa 30 2 32 77.8 57 1 58 81.3 36 26 0 62 6.9
Gujarat 68 10 78 16.4 61 16 77 -1.3 105 114 8 227 194.8
Haryana 66 116 182 304.4 112 211 323 77.5 135 9 7 151 -53.3
Himachal Pradesh 20 0 20 66.7 24 4 28 40.0 32 1 5 38 35.7
Jammu & Kashmir 35 0 35 150.0 46 0 46 31.4 30 0 7 37 -19.6
Jharkhand 10 25 35 6.1 13 13 26 -25.7 93 0 0 93 257.7
Karnataka 412 25 437 173.1 513 20 533 22.0 1010 2 8 1020 91.4
Kerala 269 43 312 27.3 349 34 383 22.8 401 46 3 450 17.5
Madhya Pradesh 142 55 197 91.3 282 60 342 73.6 148 121 20 289 -15.5
Maharashtra 471 90 561 42.7 681 226 907 61.7 511 1347 21 1879 107.2
Manipur 0 0 0 - 1 0 1 - 5 7 1 13 1200.0
Meghalaya 6 0 6 0.0 17 0 17 183.3 47 13 0 60 252.9
Mizoram 0 0 0 -100.0 0 0 0 - 22 0 0 22 -
Nagaland 0 0 0 - 0 0 0 - 0 0 0 0 -
Odisha 14 13 27 125.0 65 39 104 285.2 49 75 0 124 19.2
Punjab 72 6 78 -1.3 146 10 156 100.0 186 27 13 226 44.9
Rajasthan 147 7 154 5.5 239 58 297 92.9 542 145 10 697 134.7
Sikkim 0 0 0 -100.0 0 0 0 - 4 0 0 4 -
Tamil Nadu 39 2 41 -8.9 54 36 90 119.5 146 26 0 172 91.1
Telangana - - - - - - - - 688 15 0 703 -
Tripura 14 0 14 - 14 0 14 0.0 5 0 0 5 -64.3
Uttar Pradesh 205 44 249 118.4 372 310 682 173.9 1659 78 0 1737 154.7
Uttarakhand 4 0 4 -33.3 23 4 27 575.0 42 0 0 42 55.6
West Bengal 196 113 309 442.1 210 132 342 10.7 316 39 0 355 3.8
TOTAL STATE(S) 2761 593 3354 60.1 4192 1316 5508 64.2 6996 2184 142 9322 69.2
A & N Islands 2 0 2 - 18 0 18 800.0 5 8 0 13 -27.8
Chandigarh 33 0 33 230.0 9 2 11 -66.7 25 23 7 55 400.0
D&N Haveli 0 0 0 -100.0 0 0 0 - 3 0 0 3 -
Daman & Diu 0 0 0 -100.0 1 0 1 - 1 0 0 1 0.0
Delhi UT* 76 8 84 -15.2 131 19 150 78.6 169 67 1 237 58.0
Lakshadweep 0 0 0 - 0 0 0 - 1 0 0 1 -
Puducherry 4 0 4 100.0 5 0 5 25.0 1 0 0 1 -80.0
TOTAL UT(S) 115 8 123 4.2 164 21 185 50.4 205 98 8 311 68.1
TOTAL (ALL INDIA) 2876 601 3477 57.1 4356 1337 5693 63.7 7201 2282 150 9633 69.2
# Andhra Pradesh and Telangana were carried out from erstwhile Andhra Pradesh. * implies data is provisional for the year 2014.
Source: Rajya Sabha Unstarred Question No. 1815 dated 5.8.2015