This article has been written by Khushi Ahuja, from Vivekananda Institute of Professional Studies on the issues of cyberterrorism, its development, growth, risk factors and the major threat that it holds in itself for India and its future with reference to relevant precedents and laws.
Information and communication technology plays a crucial role in the modernization of the world. ICT was mainly designed for unified communications along with the integration of telecommunication and computers with other systems which would help facilitate networking, access to information, storing, transmission and manipulation of data. It made human functioning easier and promoted interaction and networking which eased the difficulties across the lives of the globe. But isn’t it human nature to fall into the pits of revenge, cheating and destruction through misuse, that they always find some or the other way to inappropriate the blessings of wonderful resources that do nothing but benefit them? Thus started the ill – commission of terrorist-related offences in the form of cyber-enabled terrorism leading to the rise of targetted victims. ICT thus being no exception to the ravages of human behaviour, began to be used to promote, support, facilitate, and engage in acts of heinous crimes like terrorism.
What is cyberterrorism?
Even after several trials and analysis, there has been no clear cut definition of the term ‘cyberterrorism’. Most of the discussion regarding the topic has been through the media which is a firm believer of adding drama and sensation. Thus, no good, effective and operational definitions have been produced yet.
Dorothy Denning, professor of computer science has put forward a definition in numerous articles and in her testimony on the subject, before the House Armed Services Committee in May 2000 –
“Cyberterrorism is the convergence of cyberspace and terrorism. It refers to unlawful attacks and threats of attacks against computers, networks and the information stored therein when done to intimidate or coerce a government or its people in furtherance of political or social objectives. Further, to qualify as cyberterrorism, an attack should result in violence against persons or property, or at least cause enough harm to generate fear. Attacks that lead to death or bodily injury, explosions, or severe economic loss would be examples. Serious attacks against critical infrastructures could be acts of cyberterrorism, depending on their impact. Attacks that disrupt nonessential services or that are mainly a costly nuisance would not.”
Other scholars have also given unique deﬁnitions of cyber terrorism. Pollitt deﬁned cyber terrorism as “the premeditated, politically motivated attack against information, computer systems, and data which results in violence against non-combatant targets by sub-national groups and clandestine agents.”
Cyber terrorism and it’s scope isbased on the place where it occurs than through the medium i.e. the virtual/cyber world. Thus it is not a distinguished crime but a form of terrorism executed through a unique mode dismissing every claim of it being an independent crime. There have been no concrete set of rules, definitions or provisions related to cyber terrorism in the international arena, except countries having their code of conduct, hence, giving en edge to the greater importance of defining cyberterrorism in an apt manner. Terrorism in today’s age consists of conventional terrorism, where classic weapons are used to destroy property and kill victims in the physical world and techno terrorism, in which weapons are used to destroy infrastructure, targets and causes a disruption in cyberspace and cyberterrorism is where new weapons like malicious software, electromagnetic and microwave weapons will operate to destroy data in cyberspace to destroy certain aspects of the physical world.
A terrorist attack can be carried out through cyberspace or by using information and communication technologies and, particularly, the internet to carry out a series of actions linked to the objectives it pursues which do not necessarily constitute cyberterrorism but may lead to the existence of facilitation of future cyberterrorism behaviours. The definition of cyberterrorism has come to include both disruption and violence in cyberspace in the same manner as in the traditional form of terrorism with physical destruction and violence. The upcoming use of new technology is helping terrorist groups to have a global reach although they may have very few members.
So in widely accepted terms, Terrorist behaviour being perpetrated in cyberspace is known as cyberterrorism and for such terrorist activities to be executed in cyberspace, it is necessary that the behaviour carried out “in” or “through” cyberspace has a structure, a harm principle and the elements that follow the classification which must be jointly present to prove the conduct in a question as cyberterrorism. Unlike cyber crimes, It is not just the manipulation of data or software that causes a large number of people to lose money or information through the internet, unless such loss leads to economic ruin, leakage of relevant scientific or academic information and a consequent impact on the life or health of its victims.
So far, according to various experts, terrorist groups “still prefer bombs to bytes” giving an apt picture of the fact that although “cybernetic attacks can be cheaper and easier to execute than a physical attack they are less dramatic and effective than attacks carried out in the real world”.
Establishing the harm principle helps identify the sufferers of a crime and the people being targeted to bear the consequences. Cyberterrorism does not immediately attack an individual interest. It majorly affects an interest that is owned by the general public. It can also be affirmed that cyberterrorism constitutes an attack against institution, state, or national interests to violate the constitutional order and create a greater impact with long-lasting consequences to prove and extend a political agenda.
Cyberterrorism in its entirety consists of two crucial elements, the teleological element and instrumental element. The teleological element describes cyberterrorism being committed with the objectives of altering the constitutional order or to capsize the legitimately elected government, through a major political agenda The instrumental element perpetrates that acts must be executed in a manner that instill a sense of terror in people’s minds, establishing a belief that anyone anywhere could be a victim of cyberterrorism, involving the realization of an indiscriminate attack “in” or “through” the cyberspace, with devastating consequences like deaths, serious injuries or other similar outcomes in the real world.
The weapons of the cyberterrorists exist to destroy or modify computer data and files with the weapons and the targets being the electrons moving within cyberspace.
Joseph Seanor of CIBIR Corporation gave his viewpoint on the Methods of Operations of Cyberterrorists. According to him, The critical element in cyberterrorism, and information warfare, is knowledge. He also talks about the potential weapons in cyber-terrorism that can cause the required destruction –
- Trojan Horses
- Electro-Magnetic Pulse Weapons
Cyber Security is defined under Section 2(1)(nb) of IT Act, 2000 as the protection of information, Equipment, devices, computer resources, communication devices and information from unauthorised access, use, disclosure, disruption, modification and destruction.
Cybersecurity deals with technologies, processes, and practices that are designed to protect networks, devices, software, systems, programs, and data and sensitive information from attack, damage, or uninvited access. It is an effort to secure ICT, to protect ICTs from unauthorized access that affects the CIA triad of Confidentiality, Integrity and Accessibility. The notion of unauthorized access refers to the presence of an adversary capturing intentional threats. There is a growing need for cybersecurity because the government, military, financial, corporate, and medical organizations collect, process, and store large amounts of data which can be sensitive information, on computers and other devices. Leakage of such information might lead to negative consequences which make situations like transmission of sensitive data across networks vulnerable to exploitation. Cybersecurity aims at protecting the information from being placed in the wrong hands. The most difficult challenge and barrier in the implementation of cybersecurity is the evolving nature and uncertainty of security risks.
Thus there is a significant need on the part of organizations and companies to respond to any cyber incident with force to restore normalcy and bring back on the track the company’s assets and reputation by focussing on three key areas:
- identifying the most valuable information that requires protection;
- identifying the potential threats and risks facing the information;
- outlining the damage that would incur and being prepared before hand if anything goes wrong.
International Organization for Standardization (ISO) is the international cybersecurity organization which works for the development of Information Technology Management Systems.
In India, we have the National Cyber Security Policy, headed by the Minister of Communication and Information Technology that protects the public and private infrastructure from cyber-attacks.
Cyber terrorism in the world
“We are at risk. Increasingly, America depends on computers. . . . Tomorrow’s terrorist may be able to do more damage with a keyboard than with a bomb.”- The National Academy of Sciences
Terrorism is a global phenomenon that is not limited to any national borders. Terrorism doesn’t take into account geographical limitations and transcends the boundaries. Due to the increasing dependence on computer networks and virtual connections, a global sphere in cyberspace has been created which has the greatest potential to be misused, to carry out cyberterrorism and pursue other international terrorist goals. With new technology coming up every day and changes in its usage and development, the risks of potential threats have been rising continuously, ranging from leaking of valuable information to misuse of the power and irreversible consequences across the globe.
Terrorists have given way to cyberterrorism over conventional terrorism as it is easier for them to launch their attack from far off distances as they do not confine themselves to boundaries and need a larger impact for their propagandas. Cyberspace gives the arena so convenient to direct their motives to the destinations. The result of such attacks too are hefty and have major consequences compared to the traditional methods because the traditional terrorist attack is restricted to a vicinity, while cyber terrorism is potentially capable of being committed over a wide area or a network through information and cyber-attacks, using computers in an area remote from the place the attack occurs. The result of these attacks does not only remain in the virtual world but reach real life by the destruction of property and the loss of life.
There is a rapid growth in the numbers of cyber terrorism acts with the progress and development to a digital world as-
- The countries are slowly taking their functions to a digital platform with excess dependence on the virtual space. This dependence is making the governments and their sensitive information prone and vulnerable to attacks which slow down their functions.
- Digital space allows a widespread impact and a far reach as compared to the traditional attack, thus making it a more severe and dangerous form of terrorism.
- The Internet is a very unpredictable and unexplored medium which can easily create tension and threats in the mind of the people thus making it an apt tool to be misused.
- Virtual attacks are easy to be conducted and do not require one’s physical presence thus a winning situation to maintain anonymity and create the required impact without actually being present in the situation.
Till 2017, no major incidents as such led to major setbacks or risks in the arena of cyberspace, but this dynamic changed after the WannaCry and NotPetya incidents in 2017, raising questions about the provisions and need for stringent regulations in this field. These attacks affected organizations in more than 150 countries and prompted business interruption along with other losses estimated at well over USD 300 million by some companies. There was an outroar due to reputational damage and loss of sensitive customer data.
Cyber terrorism in India
India has begun its development and reliance on technology depicting its steady growth and shifting to a modern form of governance. Sectors like income tax, passports and visas have taken the driver seat to e-governance with police and judiciary culminating its way upward. This growth has both positive as well as negative aspects to it. With use comes greater responsibility of handling data online with care as any damage can have catastrophic consequences and India cannot afford to collapse. The episodes of online warfare and cyber-attacks are high against India. Time and again we have been attacked in full force by China and Pakistan.
China, who on one hand is strengthening its ability to wage electronic warfare, on the other hand, Pakistan has increased cyber attacks on India and its crucial websites in retaliation to the Jammu and Kashmir issue, thus extending their warfare to completely new, unpredictable and dangerous zones like cyberspace. Hacker groups have intensified their raging attacks on India and we need a strong and structured system to fight the digital war. The acts of cybercrimes and terrorism have multiplied in lots and bounds, the Parliament of the Republic of India has not yet enacted any legislation that specifically addresses the problem of cyber coercion. However, there are some existing legislation and some amendments to incorporate it at intervals to deal with the issues.
Relevant provision and laws
The international system
There is a built-in safety valve in the international system that helps mitigate existing and emerging threats. One of the main policy tools of provisions includes the work of the General Assembly First Committee that focuses on the ICT realm and try to develop norms and a standard of appropriate behaviour for actors to respond to such threats to ensure a stable ICT environment. The on Disarmament and International Security. It has also provided a framework for confidence- and capacity-building measures anchored in the principles of cooperation and transparency that aim at creating a conducive environment for implementing the norms recommended by the GGEs.These efforts have been recognized by many organizations to stop terrorist and criminal use of the Internet, protect basic human rights and fundamental freedoms.
There are several conventions which apply to the issue of cyberterrorism-
- 1963 Convention of offences and certain other acts committed on Board Aircraft,
- 1970 Convention for the Suppression of Unlawful Seizure of Aircraft,
- 2010 Protocol Supplementary to the Convention for the Suppression of Unlawful Seizure of Aircraft,
- 1971 Convention for the Suppression of Unlawful Acts against the Safety of Civil Aviation,
- 1973 Convention on the Prevention and Punishment of Crimes against Internationally Protected Persons,
- 1979 International Convention against the Taking of Hostages,
- 1980 Convention on the Physical Protection of Nuclear Material,
- 1988 Protocol for the Suppression of Unlawful Acts of Violence at Airports Serving International Civil Aviation,
- 1989 Supplementary to the Convention for the Suppression of Unlawful Acts against the Safety of Civil Aviation,
- 1988 Convention for the Suppression of Unlawful Acts against the Safety of Maritime Navigation,
- 2005 Protocol to the Convention for the Suppression of Unlawful Acts against the Safety of Maritime Navigation,
- 1988 Protocol for the Suppression of Unlawful Acts against the Safety of Fixed Platforms Located on the Continental Shelf.
The Indian system
India has always taken a tough stance and fought against acts of terrorism. It does not come as a shocker that India, in the context of cyberterrorism, has formulated stringent laws and policies to overcome the uncertain yet grave danger to the society and important infrastructure. Our nation has equipped its Information and Technology Act,2000 with stringent laws. The original IT Act was drafted by T. Vishwanathan, but the idea of cyber terrorism wasn’t included in the parental legislation. In the year 2008 after witnessing the incidents of international and national incidents of cyberterrorism, there was a realized need for strong and stringent provision as well as punishment of cyber terrorism.
- The use of technology in the Mumbai attacks of November 2008 made India adopt the amendments to its 2000 IT Act in December 2008, which inculcated provisions related to cyber terrorism, which might be applied in the future. In the purview of these amendments, Section 66F had been inserted in the Act by Information Technology (Amendment) Act, 2008. This section contains the substantive offence of committing the act of cyber terrorism. The insertion of this provision was a necessary step to prevent jeopardy of civil liberties as we are increasingly relying on information technology to serve our essential government services.
- This section attracts imprisonment or life imprisonment in case the offence is committed to threaten the integrity, unity, sovereignty and security of India along with inciting terror in the minds of the people.
- It constitutes the denied access to a person who is authorized to access computer resources or Attempting to penetrate or access a computer resource without authorization or exceeding the limits of authorized access or Introducing any computer contaminant.
- The section says if by the means of such conduct, the person causes or is very likely to cause death or injuries to persons or to damage to or disrupts or knowing that it is like to cause damage or disruption of supplies and services essential to the life of the community or destruction of property or is likely to adversely affect the critical information infrastructure specified under section 70, the act would be punishable.
- If the person knowingly or intentionally accesses a computer resource without the authority or exceeding the authorized access, and obtains access to information, data or computer database that is restricted for reasons for the security of the state or foreign relations, or any restricted information, with sufficient reasons to believe that such information, data or computer database can be misused, will have committed an offence.
- The scope of cyber terrorism is exhaustive according to this section.
- The Sections 66-F, 70, 70-A and 70-B of the Information Technology Act, 2000 makes it possible for the government to maintain cybersecurity in the country.
- The term “Critical Information Infrastructure” in Section 66F is defined in the Explanation enshrined in the amended Section 70. It talks about protected systems and allows the government to notify a computer resource affecting the facility of critical information infrastructure to be a protected system.
- Section 70A has been formed to secure the CII through a National Nodal Agency which will be established by the Central Government.
- Section 70B gives power to the Indian Computer Emergency Response Team (CERT-IN) as the national focal point for gathering information on threats and to facilitate the Central Government‟s response to computer centred incidents.
- Sections 70-A and 70-B cover both the investigatory process and the preventive measures.
- The section under the IT Act deals with a wide variety of issues including:
- hacking ( Sections 43 & 66 )
- phishing ( Sections 66C, 66D & 74)
- identity fraud ( Sections 66C )
- electronic theft (Sections 72 & 72A)
- All offences under the IT Act have extraterritorial jurisdiction as long as it is committed using a resource or network located in India.
- The cybersecurity measures in India are provided under the Information and Technology ruled (CET-In rules) 2013 which direct the entities to request for assistance if a victim of any such cyber offences. This helps in identifying, monitoring, preventing, detecting, mitigating and management of the incidents. Apart from this, many other such security-related compliances guide and monitor the incidents like SPDI – rules and CMA rules.
Cyber Security Organizations
- National Cyber Security Organization in Israel
- National Institute of Standards and Technology NIST
- United State Department of Homeland Security
- National Cyber Security Centre,
- United Kingdom government organization
- SANS Institute SysAdmin, Audit, Network and Security
- Ashmit Thakur Information Security
- Data Resolve Technologies Pvt. Ltd
- Mirox Cyber Security and Technology Pvt. Ltd
- National Informatics Centre (NIC)
Need for more stringent provisions
Digital devices and information are now integrated with today’s society, from computers being used to performing everyday tasks, mobile phones used extensively by people of all ages to sending and receiving calls and messages. The increase in the use of these devices not only supports an individual’s productivity but is now being used to perpetrate crimes and criminal activity.
Two concepts are often embodied in academic definitions of any form of terrorism: violence and terror. The growing fear of cyberterrorism involves prevention and repression of the perpetration of a series of complex challenges in a global and technologically interconnected world. Cyberterrorism constitutes a major threat which requires urgent precautions to be taken, especially if it is considered that it can operate as a complement or suitable support for traditional terrorism. The combining of traditional and cyberterrorism can increase the already existing intensity of the fear and impact of terrorism. Terrorists have kept pace with the advancing technology and change in the methods used, thus leaving no gap between their intentions and their tactics. They consistently are finding ways to strive for the impacts they dream of to exploit society through evolution. There are quite many implications of information age terrorism.
Potential risks of ICTs
- The critical infrastructure industries like health and emergency systems are going online with their functioning, forecasting a sharp increase in connected devices which would be susceptible to attack and sensitive information would be vulnerable to exploitation.
- The high dependence of companies on their systems, software and data can endanger executive leadership, reputations, sales and profits affecting the market capitalization if the assets are interfered with destabilizing the enterprises.
- The major shift from a primary effect on consumers to need for a global impact derailing the economic and political system to fulfil the ambitious goals of the terrorists performing cyber attacks can prove to be a major trouble for the entire world.
- There is a continuous rise in the numbers of highly skilled hackers, at times supported by the nation-states, to develop sophisticated tools to dig deeper into the systems to get hold of sensitive information.
- The consequences of cyber terrorism can include an intense quantity of lost revenue, Additional expenses to restore operations and to improve cybersecurity defences which are heavy and unbearable, Regulatory fines and additional scrutiny along with reputational damage at the global level as their vulnerabilities would drag away the customers and clients due to breach of trust and lack of security.
- Such attacks are increasing in numbers and have devastating effects on the companies and organizations, The potential perpetrators of acts of cyber terrorism can be classified into five categories namely :
- organized crime
- non-state terror groups
- lone wolves
Each of them has the capability to wreak havoc on a global scale and bring down a company to its knees. This has led to the requirement of high-tech investigations to analyze the digital information and identify what happened and who did it. Some key steps and fundamental concepts are required to be successfully performed to conduct a high-tech investigation and maintain the chain of custody of digital evidence from identification to seizure to promote justice in cyberspace.
Limitations of the international provisions
There have been numerous developments and the formation of norms to establish a strong framework around the use of ICTs to maintain peace and international security. But there are many gaps to be filled and errors to be corrected before we reach the full potential to fight off these problems-
- There is a lot of confusion and disagreement among nations as to the application of international law to their areas of jurisdictions due to different takes on policy issues and vast differences and imbalances in their resources in military and ITs.
- Not all countries are capable of pulling off the security nets due to low resources and lack of confidence-building measures due to which they are unable to establish national structures and implement norms.
- There is a major lack of awareness related to norms that follow international peace and security among the policymakers who act sluggish and oblivious to the impacts at times.
There is a lack of trust among the various stakeholders leading to lack of cooperation and collaboration.
The Internet has slowly become the hub used for terrorist purposes such as the spreading of propaganda, recruitment, radicalization and incitement to terrorism with financing, training of terrorists and planning of terrorist attacks and cyberattacks.
Advancements in information and communication technologies (ICT) in the newly, technologically – dependent world, is bringing about new potential threats to the users and the society at large. History has shown that many of the threats affecting new ICT innovation developments can be easily predicted.
Terrorism threatens the collective interest of a democratic constitutional order wherein the individuals join a terrorist organization with criminal agendas. It does not encircle the individual interest but a group of individual interests where propaganda is used to destabilize a political regime and place the lives of many under jeopardy.
There is an emerging need to discuss the ICT areas and new cybersecurity threats we have to prepare for and fight against.
Hackers have time and again demonstrated that individuals can easily gain access to sensitive information and to the operation of crucial services. Terrorists can easily follow, breaking into government and private computer systems, creating vast and devastating impacts like disabling the military, financial, or service sectors of the economies. The more technologically developed a country is, the more vulnerable it is to cyberattacks against its crucial infrastructure.
The rising number of criminals and terrorists behind these contemporary, practically well-organized cyber threats are going to have irreparable and hardcore damaging impacts on the victims. Thus it is required to investigate, formulate responses and bring justice to the sphere of cyber terrorism and crimes through decision making, problem-solving, innovation and developing strategies to fight against the issue.
We need to identify the source and root cause of the growing problem and deal with it before it gets out of hand and gives rise to an unsafe world where private information is leaked and misused without consent threatening the lives of innocent people and leading to potential misconduct of the ideologies of the world.
Famous cases and incidents
The WannaCry outbreak
With improving computer security techniques, worm outbreaks have become rare as it is very hard to engineer a piece of malware that automatically executes on a remote machine without any user involvement.
The WannaCry was a worm, in the computing parlance. It was a type of a piece of malware that was able to spread itself to be far more damaging than a normal computer virus. This kind of worm self-replicates, bouncing from host to host, and obeying all the rules, growing dramatically and taking off when they infect well-connected nodes through the implementation of the Server Message Block protocol.
A mysterious hacking group called The Shadow Breakers pointed out a weakness in Microsoft’s Windows operating systems that could be used to automatically run programs on other computers on the same network in April 2017. Even with the kill switch active, the outbreak caused huge damage. After infecting Windows computers, the worm encrypted files on the computer’s hard drive, making it impossible for users to access the drive. Along with the loss of access, the malware then demanded a ransom payment in bitcoin in order to decrypt them, failing which the files would have been permanently deleted.
The WannaCry outbreak shut down computers in around 80 NHS organizations in England due to which 20000 appointments were cancelled, hospitals diverted ambulances being unable to handle emergency cases and 600 GP surgeries had to return to pen and paper. There was a threat to life, health and major finances due to the malware. It is estimated this cybercrime caused around $4 billion in losses across the globe.
It was believed that the U.S. National Security Agency discovered this vulnerability and misused the information by developing a code to exploit it called EternalBlue rather than reporting it to the Infosec community.
Microsoft provided with SBM patches which were released 2 months before the cyberattack, but patchless PC’s were still vulnerable and vastly affected by the outbreak.WannaCry is still infecting systems which can be seen in another incident which took place in March 2018, where Boeing was hit with a suspected WannaCry attack. The company claimed it did little damage affecting only a few production machines. Boeing was able to stop the attack and settle back in due to the publicity of the attack and the readily available patches by Microsoft.
WannaCry spread like wildfire throughout computers across the world encrypting hundreds of thousands in more than 150 countries in a matter of hours. It was a first time experience for the world that a malware that encrypts a user’s files and then demands cryptocurrency in ransom to unlock them has managed to spread across the world. It looked like what they call, a coordinated cyberattack.
This led to serious consequences for the NHS and its ability to provide care to patients which could have been prevented if the NHS had agreed to follow basic IT security practices that had been released and provided. Thus there is a need to get the world’s act together to ensure that what happened in the case of the NHS is better protected against future attacks.
The NotPetya was a similar incident which highlighted the importance of stringent measures and laws to be taken up exposing a systemic risk and affecting a broad cross-section of businesses without specific targeting, thus demonstrating the potential for the increasing threat of cyber terrorism.
“Our nation is at great risk of a cyberattack that could devastate national psyche and economy more broadly than did the 9/11”.- Roy Maxion
The ‘still entrenched in the minds’ event that took place on September 11, 2001, in America which shook the whole world and raised a very big question, about the safety in the uncertain and unknown areas of cyberspace and its potential to create a terrorist attack. Before the incident, no country was ready to face or question the dangers of cyberspace and the kind of impact it could create on such a massive level. The U.S then decided to replenish their priorities and remove all the cyber threats which were threatening their country. They took measures to stop any further harm and get back what they had lost. The concept of cybersecurity dug its roots deeper into the importance of provisions and laws along with a safety net seriously and thus, was created a challenge to accomplish all possible methods to reduce the cyber threat. It was a wake-up call for the world to deal with the ever-rising issue. Even after 9/11 similar attacks continue to take place and require a lot of attention to face the potential threat cyberspace poses to the globe.
Ahmedabad Bomb Blast
On 26 July 2008, The Ahmedabad bomb blast took place which was a series of 21 blasts in 70 mines where more than 70 people were killed and around 200 got injured. News agencies reported that they had received 14 page long emails from the terror group called Indian Mujahedeen, Islamic Militant Group (Harkat-Ul-Jihad-al-Islam) claiming responsibility of terror attack just 5 minutes before the blast referring to an Awaited 5 minute patient act to take Revenge from Gujarat in retaliation to the 2002 Gujarat Godhead Train Burning incident. The mail was sent to incite the terror of death along with threats to the Chief Minister of Maharashtra and his deputy, reminding them of the events of the evening of 11 July 2006. It also warned Mukesh Ambani of Reliance Industries for building a citadel on land in Mumbai that belonged to Waif board and few Bollywood actors to stop acting.
The date 26th November 2008 was a dark day for Witnessing a very tragic Incident of 12 coordinate shooting and bombing that lasted 4days across Mumbai. According to Experts, it was a major cyber attack. There were ten Pakistani men related to the phobia cluster terrorist group attacked buildings in Bombay, killing 164 individuals, 9 gunmen were killed throughout the attacks, one survived. They began their journey from Karachi, West Pakistan to Bombay via boat. Hijacking a fishing trawler and killing four crew members and slitting the captain’s throat. The terrorists thrived in the Bombay city district close to the entryway of the Republic of India monument. They hijacked cars, police vans and used automatic weapons and grenades.
The terrorists were in touch with Pakistan the whole time through the use of cellphones VOIP, and all the Computer systems of Taj Hotel, Leopal cafe, Shivaji Maharaj Terminus, Oberoi Trident, Came Hospital, Nariman House which were hacked, giving them access to all the data of the hotel and other places. Their targets were the Foreigner guests from the U.S, England and other places. The blasts lasted four days .26/11 was one of the major incidents in our country which made the government aware of the cybersecurity and cyber threat and what steps should be taken for it.
With the rise in the percentage of cyber terrorism acts being conducted, situational understanding is critical at the moment to understand the nature and the grave consequences. The world together needs to work on the improvement of systems of security, improvement of defence against future attacks, identify the nature of potential threats and take a stand on improved situational awareness. Clear communication strategies and intelligence about the attacks should be shared between countries and governments, to strengthen security networks against future attacks and its results.
- There is a need to strengthen the normative foundations by states to build responsible behaviour in the use of ICTs.
- International norms and policies which have been already signed and agreed upon should be practically implemented in a responsible manner.
- Along with readily accessible and affordable technology, advantages and disadvantages must be weighed in and precautions should be taken to prevent a breach.
- The existing gaps between the capacity needs should be narrowed by conducting discussions on less tangible issues.
- Trust and confidence should be encouraged and built between the states to ease out the differences and search for ideal solutions to the issues and create a healthy political environment.
- Relevant actors should be involved and encouraged to give their expertise in the formation of solutions to the issues.
- Insurance policies should be evolved to cover the failure of technology and loss of revenue.
- Cyber policies should include provisions for business interruption and breach of data.
- There should be a highlighted importance of proper education and training to handle, manage and investigate computer evidence.
- The importance of having a form of accreditation to validate the experiences, skills, and qualifications should be introduced.
- Because of global society’s increasing dependency on ICTs and the increase in their misuse, stringent police submissions and changes on ICTs to propagate international peace and security by the United Nations leadership needs to be scaled up a notch to get the desired results and prevent any major outbreak in the future along with justice to the victims of any such mishappening.
- Provisions for cybersecurity must be incorporated in IT and the recommendations made by the Malimath Committee Report on recommendations for criminal justice system must be given due attention to prevent the cyber offences in India.
- There is a need to inform the common citizens about the dangers of cyber terrorism.
- Qualified faculty should be appointed to explain the usage of countermeasures.
Modern Information technologies can leverage economic as well as social benefits. The states have continuously strived to achieve a shared vision of a secure, open, peaceful and accessible ICT environment. Despite all the efforts the problem doesn’t seem to go away. The psychological perspective shows the combination of two growing yet compelling fears, cyber and terrorism which are yet bewildered and need stringent exploration to conquer the dread of the unknown. The fear and anxiety revolving around these concepts paired with the uncertainty give all the more reason to acknowledge the grave consequences of its presence. The source of the problem is not just the technologies which are prone to vulnerabilities, errors and flaws but human behaviour is too at fault due to its inclination towards the negative and destructive forces, mainly to overcome insecurities, feelings of revenge, cheating and rebel to destroy.
A lot of State and non-State actors have been using cyberspace and related ICT tools for a range of malicious purposes. Thus affecting the trust of the people in the technologies and related products and services and undermining trust between governments threatening international peace and security.
The Information Technology Act,2000 has outlined bound offences and penalties to overpower omissions, that are known to return inside the characterization of cybercrimes. A change is inevitable and required due to which the dilemmas posed by the new advancements in technology every day cannot be avoided. The criminals have modified their strategies and adopted the advanced technology, and to protect the society, the legal, and the enforcement authorities, the non-public companies and organizations in India will have to modify their mechanism to combat the issues in unity.
LawSikho has created a telegram group for exchanging legal knowledge, referrals and various opportunities. You can click on this link and join: