IT Management and Cyber Security June 2013 Rajnish Kumar
Rajnish Kumar
Professor Information Technology
National Academy of Indian Railways
Structure of Lecture
- Overview of major IT projects in IR
- Introduction to the IT Act 2000
- Being secure in cyber space
CRIS
Centre for Railway Information System, New Delhi. http://cris.org.in/CRIS/Home/Home
It is an Autonomous Organization under the Ministry of Railways. It develops and manages the Information Technology applications of the Indian Railways. CRIS also provides IT applications for non-Railway Government and Public Sector organizations.
The ability of the system to deliver ticketing at remote corners of the country and provide uninterrupted services everywhere has been lauded by the Government of India, and the project, along with the CRIS team responsible for its initial design and implementation, won the Prime Minister's Award for Excellence in Public Administration.
Application deployed on all Zonal Railways for Data Entry of Infrastructure Data (Phase-I). Development of forms for Phase-II is in progress.
RAIL RADAR
http://railradar.trainenquiry.com/ All trains on a Google map; works on Android smart phones.
Train enquiry
http://www.trainenquiry.com/searchtrain.aspx
Mobile apps: Erail.in, PNR status with maps by Vedanth Lath
Shaheen Dhadha and her friend Renu Srinivas were detained over a Facebook comment on a leader's funeral.
IT Act, 2000
Enacted on 17th May 2000. India is the 12th nation in the world to adopt cyber laws. The IT Act is based on the Model Law on e-commerce adopted by UNCITRAL (United Nations Commission on International Trade Law).
Extent of application
Extends to the whole of India and also applies to any offence or contravention thereunder committed outside India by any person {section 1(2)}, read with Section 75: the Act applies to an offence or contravention committed outside India by any person, irrespective of his nationality, if such act involves a computer, computer system or network located in India.
Electronic World
An electronic document is produced by a computer, stored in digital form, and cannot be perceived without using a computer.
- It can be deleted, modified and rewritten without leaving a mark.
- The integrity of an electronic document is inherently impossible to verify.
- A copy is indistinguishable from the original.
- It can't be sealed in the traditional way, where the author affixes his signature.
The functions of identification, declaration and proof of electronic documents are therefore carried out using a digital signature based on cryptography.
Digital signatures are created and verified using cryptography: a public key system based on asymmetric keys.
An algorithm generates two different but related keys: a public key and a private key.
The private key is used to digitally sign; the public key is used to verify. (This is a complex subject; we will not focus on it in this lecture.)
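The sign-with-private-key, verify-with-public-key scheme described above, as an added example that is not part of the original lecture: the record is hashed and the digest signed, so a verifier holding only the public key can detect any later alteration of the record (the "hash function and asymmetric crypto system" of Section 3). The Signer type, NewSigner, SignRecord and VerifyRecord are names chosen for this example, and the receipt text is constructed sample data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)
// Signer holds the key pair: the private key signs, the public key verifies.
type Signer struct {
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

// NewSigner generates a fresh key pair (hypothetical helper for this example).
func NewSigner() (*Signer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Signer{Pub: pub, priv: priv}, nil
}

// SignRecord hashes the electronic record with SHA-256 and signs the digest.
func (s *Signer) SignRecord(record []byte) []byte {
	digest := sha256.Sum256(record)
	return ed25519.Sign(s.priv, digest[:])
}

// VerifyRecord recomputes the digest and checks it; any change to the record fails.
func VerifyRecord(pub ed25519.PublicKey, record, sig []byte) bool {
	if len(pub) != ed25519.PublicKeySize {
		return false // malformed key: report failure rather than panic
	}
	digest := sha256.Sum256(record)
	return ed25519.Verify(pub, digest[:], sig)
}

func main() {
	s, err := NewSigner()
	if err != nil {
		panic(err)
	}
	record := []byte("receipt no. 42, amount received: 1500") // constructed sample
	sig := s.SignRecord(record)
	fmt.Println("original verifies:", VerifyRecord(s.Pub, record, sig))
	tampered := []byte("receipt no. 42, amount received: 150") // one digit altered
	fmt.Println("tampered verifies:", VerifyRecord(s.Pub, tampered, sig))
}
```

Altering a single digit of the record, the kind of manipulation in the NDMC billing case discussed later, makes verification fail even though the signature itself is untouched.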
Sections 5, 6 & 7
- Legal recognition of digital signatures
- Use of electronic records in Government and its agencies
- Publication of rules and regulations in the Electronic Gazette
- Retention of electronic records: accessibility of information, same format, particulars of dispatch, origin, destination, time stamp, etc.
Case in point: NDMC Electricity Billing Fraud Case. A private contractor was to deal with the receipt and accounting of electricity bills for the NDMC, Delhi: collection of money, computerized accounting, record maintenance and remittance to its bank. He misappropriated a huge amount of funds by manipulating data files to show lower receipts and bank remittances.
Needs to be popularized
Section 46 IT Act
Section 46 of the IT Act states that an adjudicating officer shall adjudge whether a person has committed a contravention of any of the provisions of the said Act by holding an inquiry. All proceedings before him are deemed to be judicial proceedings, and every Adjudicating Officer has all the powers conferred on civil courts. Appeals from decisions of the Controller or an Adjudicating Officer go to the Cyber Appellate Tribunal {section 57 IT Act}.
Factors taken into account when adjudging the quantum of compensation:
(a) the amount of gain of unfair advantage, wherever quantifiable, made as a result of the default;
(b) the amount of loss caused to any person as a result of the default;
(c) the repetitive nature of the default.
- Tampering with computer source documents: Sec. 65
- Hacking with computer systems, data alteration: Sec. 66 (modified by the amendment in 2008, discussed at length later)
- Publishing obscene information
- Unauthorized access to a protected system
- Breach of confidentiality and privacy
- Publishing false digital signature certificates
Types of Cyber Crime
Cyber Crime | Brief Description | Relevant Section in IT Act | Punishment
Cyber Stalking | Stealthily following a person, tracking his internet chats | 43, 65, 66 | 3 years, or with fine up to 2 lakh
Cyber Pornography including child pornography | Publishing obscene material in electronic form involving children | 67, 67(2) | 10 years and with fine which may extend to 10 lakh
Intellectual Property Crimes | Source code tampering, piracy, copyright infringement etc. | 65 | 3 years, or with fine up to 2 lakh
Cyber Terrorism | Protection against cyber terrorism | 69 | Imprisonment for a term which may extend to 7 years
Destruction, deletion, alteration, etc. in a computer resource | | 66 | 3 years, or with fine up to 2 lakh
Bank / Financial Frauds in Electronic Banking | | 43, 65, 66 | 3 years, or with fine up to 2 lakh
Privacy | Unauthorised access to a computer | |
- If punishable with death, imprisonment for life or imprisonment for more than 7 years: Cognizable, Non-Bailable, Court of Session
- If punishable with imprisonment for 3 years and upwards but not more than 7 years: Cognizable, Non-Bailable, Magistrate of First Class
- If punishable with imprisonment of less than 3 years: Non-Cognizable, Bailable, Any Magistrate (or Controller of CAs)
- Extends to the whole of India (Section 1)
- Authentication of electronic records (Section 3)
- Legal framework for affixing a digital signature by use of an asymmetric crypto system and hash function (Section 3)
- Legal recognition of electronic records (Section 4)
- Legal recognition of digital signatures (Section 5)
- Various types of computer crimes defined and stringent penalties provided under the Act (Section 43 and Sections 66, 67, 72)
- Establishment of the Cyber Appellate Tribunal under the Act (Sections 48-56)
- Appeal from an order of the Adjudicating Officer to the Cyber Appellate Tribunal and not to any Civil Court (Section 57)
- Appeal from an order of the Cyber Appellate Tribunal to the High Court (Section 62)
- New section to address technology neutrality, replacing the present technology-specific form (i.e. Digital Signature becomes Electronic Signature): Section 3A
- New section to address promotion of e-Governance and other IT applications: a) delivery of services, b) outsourcing, public-private partnership: Section 6A
- New section to address electronic contracts: Section 10A
- New section to address data protection and privacy: Section 43
- New section giving the Indian Computer Emergency Response Team (CERT-In) the power to call for and analyse information relating to breaches in cyber space and cyber security: Section 70B
- Revision of the existing Section 79 to prescribe the liabilities of service providers in certain cases and to empower the Central Government to prescribe guidelines to be observed by service providers when providing services; it also regulates cyber cafes: Section 79
- New section for the Examiner of Digital Evidence: Section 79A
- New section for the power to prescribe modes of encryption: Section 84A
- Punishments for most offences were reduced from three years to two years
66A. Punishment for sending offensive messages through communication service, etc. Any person who sends, by means of a computer resource or a communication device,
(a) any information that is grossly offensive or has menacing character; or
(b) any information which he knows to be false, but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will, persistently by making use of such computer resource or a communication device; or
(c) any electronic mail or electronic mail message for the purpose of causing annoyance or inconvenience or to deceive or to mislead the addressee or recipient about the origin of such messages,
shall be punishable with imprisonment for a term which may extend to three years and with fine.
Read Pavan Duggal's (an advocate at the Supreme Court of India) article in Business Standard, link: http://www.business-standard.com/article/economy-policy/-b-pavan-duggal-bsection-66a-of-it-act-your-friend-or-foe-112112800134_1.html
When you send an offensive message, or otherwise, by means of a computer, computer system, computer network, or using a mobile phone, smart phone, iPhone, iPad, tablet, smart device, personal digital assistant, BlackBerry or any other communication device, you could be covered under Section 66A of the amended Indian Information Technology Act, 2000.
Section 41 of the CrPC empowers the police to arrest any person without an order from the magistrate and without a warrant in the event that the offence involved is a cognizable offence. Section 156 (1) empowers the investigation by the police into a cognizable offence without an order of a magistrate.
Guidelines
Take care. Until such time as Section 66A is changed, modified, varied or amended, it is imperative that you exercise due diligence when you send information on the Internet, social media and mobile networks.
The focus of the law is not on publishing information, it is on the offence of sending information.
Scam Artists
- Email scams are meant to take your money
- Scams on Craigslist use you to commit fraudulent activities
Coffee-Shop-Data-Collectors
- Most public wireless connections are NOT secure; it's easy to capture your data
- Don't log into websites that reveal your sensitive credentials (email, bank account, etc.)
- Use onboard firewall software
- Lock your screen before leaving your seat
- Don't store sensitive information on your computer
- Use an encrypted VPN (Virtual Private Network)
[Figure: a typical unsecured wireless connection, i.e. what you think you are logging into]
Passwords
Strong passwords: phrases, mixed case, special characters, and long:
- 5db10mw! (Slow Down Buddy I'm On My Way!)
- w@yD0wny0nd3r#% (Way Down Yonder #%)
A sample of a fraudulent email that can be sent to ICICIBank.com customers. It purports to be from ICICIBank.com but it is not. Its intent is to get you to enter sensitive information about your account and to then use this information to commit fraud.
To ensure a legitimate and safe sign-on, always type www.icicibank.com into your browser yourself rather than following a link in an email.