Friday, August 17, 2012

Cyber Security For Power Energy And Utilities In India

Cyber security challenges for smart grids and utilities in India are not unknown these days. Recently, India's power minister Veerappa Moily constituted a three-member panel to investigate massive power failures in the country a few days before.

Keeping in mind the cyber attack angle, he also added four additional members, including a cyber-security expert in this panel making it a seven member’s panel. It is obvious that India is excluding any possible cyber intrusions and cyber attack upon the power grids that may have resulted in blackout.

Power grids and utilities cyber security in India and their challenges are not easy to manage. They require a systematic, dedicated and security oriented approach on the part of Indian government. In fact, smart meters are becoming headache for power companies world wide.

Cyber security in India is still in its infancy stage. Naturally, the critical infrastructure protection in India is still not upto the mark. In fact, we have no critical ICT infrastructure protection policy of India  as well.

Meanwhile, sophisticated and specially customised malware like Stuxnet and Duqu have already proved that critical infrastructures around the world like power grids, nuclear facilities, satellites, defense networks, governmental informatics infrastructures, etc are vulnerable to diverse range of cyber attacks.

Perry4Law Techno Legal Base (PTLB) strongly recommends that Indian government must ensure cyber security of energy and utilities in India as soon as possible. SCADA may be the new cyber attack priority for cyber criminals and rouge nations. We must ensure sufficient cyber protection of SCADA systems in India in general and critical infrastructure in particular.

Monday, August 13, 2012

India's Cyber Security Challenges

Cyber security issues of India require special attention of Indian government. Indian government has started paying attention to some aspects of cyber security requirements of India. However, we have still to cover a long gap in this direction.

Cyber security challenges in India come from diverse activities and so cyber security in India and its challenges and problems require dedicated efforts by our government. For instance, critical infrastructure protection in India is one of the areas that must be considered on a priority basis. We must also understand the cyber security challenges for the smart grids in India.


We have no critical ICT infrastructure protection policy of India  as well. Sophisticated malware like Stuxnet and Duqu have already proved that critical infrastructures around the world like power grids, nuclear facilities, satellites, defense networks, governmental informatics infrastructures, etc are vulnerable to diverse range of cyber attacks.

Related fields like mobile banking cyber security in India also need to be analysed in depth. As on date we have no implementable mobile governance in India and mobile governance policy in India. Even cyber security of banks in India is not satisfactory at all. Recently, RBI warned Indian banks for inadequate cyber security. Naturally, exploring the option of mobile banking in India is risky in these situations. This is so because mobile banking cyber security in India is missing and mobile banking cyber security is required in India.

The major problem with Indian cyber security initiatives is that India is launching various projects and initiatives without considering their cyber security aspects. This is a bad policy decision as we are launching projects that are affecting our lives that also without adequate cyber security safeguards.

We need a techno legal cyber security policy of India that can tackle the challenges of present cyber attacks and cyber crimes. Such a cyber security policy of India must consider all the abovementioned aspects in detail and ensure both offensive and defensive cyber security capabilities for India.

Thursday, August 9, 2012

Cyber Security Firms, Companies And Consultants In India Must Be Pro Active

Cyber security issues in India have been emerging in India these days. With the growing numbers of cyber crimes in India and cyber attacks against India, we need more cyber security firms, companies and consultants in India.

As on date, we have selective cyber security firms, companies and consultants in India. This is because cyber security is a domain specific field that requires techno legal expertise. As on date techno legal skills development in India are missing. This is so because our educational system in India is defective and there are very few techno legal institutions in India that are providing cyber security trainings in India.

This has also necessitated the growing use of online cyber security courses in India so that the skills development and trainings gap can be minimised in India. Perry4Law and Perry4Law Techno Legal Base (PTLB) have been managing the exclusive techno legal cyber security virtual campus of India that is providing cyber security courses and trainings in India through distance learning and e-learning mode. 

Cyber security in India and its challenges and problems are now well known and it would be in our own interest to develop cyber security capabilities in India. There are numerous cyber security challenges in India that India must be well prepared to tackle in the future.

Presently we do not have strong cyber law and effective cyber security capabilities in India. Further, if we analyse the cyber security reflections the trend is really troublesome. The cyber law, cyber crimes and cyber security trends by Perry4Law and PTLB have shown the loopholes of Indian cyber security capabilities.

Cyber security firms, companies and consultants in India must be pro active towards cyber security. They must develop both offensive and defensive cyber security capabilities so that they can serve India better.

Monday, August 6, 2012

Power Grids Cyber Security In India And Its Challenges

Cyber security issues in India are diverse in nature and they cover a wide variety of areas. Managing cyber security of different areas requires different outlook and extensive expertise. Some areas require tremendous cyber security expertise whereas others require basic level cyber security capabilities. In any case, cyber security capabilities of India must be strengthened so that it can tackle various forms of cyber attacks.

Critical infrastructure protection in India is one area that requires urgent attention of Indian government. Critical infrastructure includes power grids, satellites, defence installations, atomic plants, etc. Most of these critical infrastructures are managed by supervisory control and data acquisition (SCADA) systems.

SCADA generally refers to industrial control systems (ICS) like computer systems that monitor and control industrial, infrastructure, or facility-based processes. The SCADA systems may involve a human machine interface (HMI), a supervisory system managing the processes, remote terminal units (RTUs) interacting with the supervisory systems, programmable logic controller (PLCs) usable as field devices, etc.

SCADA may be the new cyber attack priority for cyber criminals and rouge nations. We must ensure sufficient cyber protection of SCADA systems in India in general and critical infrastructure in particular.

The recent power blackout in India was massive in nature. Although no hints of a cyber attack upon the critical infrastructure and SCADA system was reported yet this may be a possibility in the future. Further, till now we are not even aware that the recent power outrage was due to poor power infrastructure of India or due to any attack upon the SCADA systems managing the power grids, if any.

India's power minister Veerappa Moily has constituted a three-member panel to investigate last week's massive power failures in the country. Now he has added four additional members, including a cyber-security expert in this panel making it a seven member’s panel. It is obvious that India is also not excluding the cyber attack angle as well and is investigating the possibility of any cyber attacks against the power grids of India.

This is a good decision and Perry4Law and Perry4Law Techno Legal Base (PTLB) welcome the same. We also recommend that cyber security of automated power grids of India must be endured.  We hope for the best in this regard.

Cyber Security Issues In India

Of late cyber security in India has been considered essential part of India’s cyber capabilities.  However, India is still not prepared to tackle the menaces of cyber attacks and cyber crimes. This is so because we have neither a strong cyber law nor effective cyber security capabilities in India.

Further, if we analyse the cyber security reflections the trend is really troublesome. The cyber law, cyber crimes and cyber security trends by Perry4Law and Perry4Law Techno Legal Base (PTLB) have shown the loopholes of Indian cyber security capabilities.

Critical infrastructure protection in India is not in a very good shape. We have no critical ICT infrastructure protection policy of India  as well. Sophisticated malware like Stuxnet and Duqu have already proved that critical infrastructures around the world like power grids, nuclear facilities, satellites, defense networks, governmental informatics infrastructures, etc are vulnerable to diverse range of cyber attacks.

The truth is that cyber attacks are affecting Indian critical infrastructure and we are not even aware of the same. Critical infrastructure protection in India is needed as soon as possible.


Another area of lacuna is that we have no implementable mobile governance in India and mobile governance policy in India. Even cyber security of banks in India is not satisfactory at all. Recently, RBI warned Indian banks for inadequate cyber security. Naturally, exploring the option of mobile banking in India is risky in these situations. This is so because mobile banking cyber security in India is missing and mobile banking cyber security is required in India.

There are many cyber security issues in India that have remained unredressed so far. It would be a good option if Indian government starts strengthening various aspects of cyber security in India one by one.

Friday, August 3, 2012

Data Protection Laws In India And Privacy Rights In India

Data protection and privacy rights are two of the most important rights conferred by any civilized nation. Every individual and organisation has a right to protect and preserve her/its personal, sensitive and commercial data and information. This is more so regarding health information and details that is required to be kept secret by laws like Health Insurance Portability and Accountability Act of 1996 (HIPAA) in United States.

India does not have a dedicated law like HIPPA and presently HIPPA compliances in India are not followed. Similarly, we have no dedicated medical privacy law in India that can safeguard the sensitive health related information of the patients. In short, we have no dedicated data protection laws in India, data privacy laws in India and privacy rights and laws in India.  

Of course, we have general laws and some of the provisions of these laws can be applied to data security, data protection and privacy protection in India. However, that is a temporary solution and in the long run we need dedicated privacy rights, privacy laws and data protection laws in India.

Further, in this information technology era a special attention must be paid to the privacy rights in India in the information age. We believe that data protection requirements are essential part of civil liberties protection in cyberspace. With the growing use of information and communication technology (ICT), data protection requirement has become very important. It would not be wrong to assume privacy and data protection rights as integral part of human rights protection in cyberspace.

However, despite the importance of these fields, till now we lack legal frameworks in the fields of data security, data protection and privacy protection. We urgently need to formulate data protection law in India and privacy laws in India. 

At the policy level as well privacy rights and data protection rights have been ignored in India. In fact, an Indian national privacy policy is missing till now. Even legislative efforts in this regard are not adequate in India. A national privacy policy of India is urgently required.

A right to privacy bill of India 2011 has been suggested in the year 2011 yet till now we do not have any conclusive draft in this regard that can be introduced in that Parliament of India. In fact, we are still waiting for a public disclosure of final and conclusive proposed draft right to privacy bill 2011 of India that can be discussed in the Parliament.

The ball is again in the court of judiciary and it has to play a pro active role once again. The Supreme Court of India must expand privacy rights in India as that is the need of hour. Fortunately, the issue is already pending before it and there would not be much trouble in formulating a privacy framework for India.

However, in the ultimate analysis, it is the constitutional duty of Indian Parliament to do the needful in this direction. Indian Parliament must enact sound and effective privacy and data protection laws for India as soon as possible.