In this article, Sushmita Udayasankar, pursuing Diploma in Entrepreneurship Administration and Business Laws from NUJS, Kolkata discusses how the legal system tackles cyber terrorism.

Introduction

With the increased usage of internet and computers, there has been an unprecedented increase in the misuse of the cyber world by criminals and anti-social elements. Crimes are now increasingly committed using the internet as a medium. Such crimes have been termed as Cybercrimes.

There are different categories of cyber crimes. Crime committed against the government and the nation as a whole by challenging the integrity and security of the country is referred to as Cyber Terrorism.

Meaning of the term ‘Cyber Terrorism’

Terrorism means intentionally creating fear or horror in the minds of the public and intimidating them by using force or weapons or other means. This is done in pursuit of some unreasonable political, religious, or financial objectives.

Cyber Terrorism means the use of cyber space to cause harm to the general public and disrupt the integrity and sovereignty of the target country. Cyber space refers to the electronic medium or the interconnected network of computers.

Black’s Law dictionary defines cyber terrorism as the act of “Making new viruses to hack websites, computers, and networks”.

The U.S Federal Bureau of Investigation defines cyber terrorism as a premeditated attack against a computer system, computer data, programs and other information with the sole aim of violence against clandestine agents and subnational groups.

Definition as per Information Technology Act, 2000 (“IT Act”)

Section 66F of the IT Act defines ‘Cyber Terrorism’ as all those acts by any person with an intent to create threat to the unity, integrity, sovereignty and security of the nation or create terror in minds of people or section of people by way of disrupting the authorised access to a computer resource or getting access to a computer resource through unauthorised means or causing damage to computer network. If these acts cause injuries to persons, cause the death of any person, damage or destruct any property, cause disruption of essential supplies or services, or negatively affect the critical information structure, they become punishable in nature.

It also includes all those acts committed knowingly or intentionally in connection to getting access to a computer resource in an unauthorized way and that the data so obtained was restricted in the interests of the sovereignty and integrity of the nation.

Modes of Cyber Terrorism

The terrorists commit the crime of cyber terrorism in any or all of the following ways:

1. Hacking into the systems and databases owned by the government of the target country and appropriating sensitive information of national importance.
2. Destructing and destroying the entire database of the government hosted on cyber space along with all backups by introducing a virus or malware into the systems.
3. Temporarily causing disruptions to the network of the government of the target nation and distracting the top officials so that they can pursue other means of terrorism.
4. Distributed denial of service attack (“DDOS”): The terrorists through this attack first infect the systems by introducing viruses and then take control over the systems. The systems are then accessed by the terrorists from any location who manipulate the data and access the information.

Tackling Cyber Terrorism at the International Level

• International Telegraph Union-United Nations

International Telegraph Union (“ITU”), a specialised agency of the United Nations, is entrusted with the responsibility of addressing issues relating to information and communication technologies. One of the basic roles of ITU is to build cyber security in all its member countries and ensure international cooperation. To achieve this, an agenda called the Global Cyber security Agenda was launched in 2007 by the ITU which must be followed by all the member nations.

• Budapest Convention on Cyber Crime – Council of Europe

The Budapest Convention is the first international convention which deals with issues of cyber crime and terrorism. The main objective of this treaty is to promote international cooperation among nations. It has laid down a common policy to control cyber crime and cyber terrorism. It also deals with issues relating to the security of data on cyber space. However, important countries like India and Brazil have not become a party to this convention. India declined to adopt the convention as it was not involved in the drafting of the policy.

• North Atlantic Treaty Organisation

The North Atlantic Treaty Organisation also plays a massive role in trying to combat cyber terrorism. To achieve this objective, it has created Cyber Defence Management Authority which is in charge of ensuring cyber security and preventing terrorism. Further, it has also created a Rapid Reaction Team which will stand up against cyber attacks.

Apart from these above-mentioned organisations and their initiatives, each country has its own set of cyber and defence laws whose sole objective is to ensure cyber security and prevent cyber terrorism.

Tackling Cyber Terrorism in India

Even though the acts of cyber terrorism has increased in heaps and bounds, the Parliament of India is yet to enact any legislation which specifically addresses the issue of cyber terrorism.

However, certain existing legislations have been amended to include it within its purview the crime of cyber terrorism.

The legislations are:

• IT Act

The salient provisions of the IT Act in relation to preventing cyber terrorism are:

Section 66F of the IT Act defines cyber terrorism.  This Section has been introduced by way of amendment to the Act in the year 2008.  This amendment was the outcome of the infamous 26/11 terror attack in India. The terrorists, in this case, made use of the communication services to abet the terrorists who carried out a series of 12 shooting attacks throughout the city of Mumbai. This tragedy is a classic example of terrorism using the cyber network.

This Section also prescribes the punishment for those who commit or conspire to commit cyber terrorism. According to the Section, such people shall be punishable with imprisonment which may extend to imprisonment for life.

However, it is pertinent to note that the cyber space is evolving every day and new loopholes have emerged in this definition of cyber terrorism.

Blocking access to information

Section 69A of the IT Act also empowers the Central government or any of its authorised employees to direct any agency of the government to block access by the public any information from a computer resource in the interests of sovereignty and integrity of the nation.

Indian Computer Emergency Response Team (“CERT-In”)

As per Section 70B of the IT Act, the CERT-In team is set up which provides immediate alerts of incidents challenging cyber security and also lists out the emergency measures for handling incidents threatening cyber security of the Nation.

• Unlawful Activities Prevention Act, 1967

This Act lays down punishment for terrorist activities. Though cyber terrorism does not fall under the definition of terrorism as contemplated under this Act, this Act also prescribes punishment for recruiting persons for terrorist activities and for organising terrorist camps. Using cyber space for the above-mentioned activities is also an act of cyber terrorism and is hence punishable.

• Indian Penal Code, 1860 (“IPC”)

The term ‘property’ used in this Act in connection with punishment for theft and such connected crimes has been extended to cover data too and includes within its ambit the crime of data theft.

The Hon’ble Supreme Court of India in the matter of R.K. Dalmia v Delhi Administration has held that the word “property” defined in IPC is in a much wider sense than the expression “movable property” and that there is no good reason to restrict the meaning of the word “property” to movable property only, when it is used without any qualification. The Hon’ble Supreme Court also recorded that whether the offence defined in a particular section of IPC can be committed in respect of any particular kind of property, will depend not on the interpretation of the word “property”.

Therefore, where material information in the form of data is stolen by the terrorists against the sovereignty and integrity of the nation, it will amount to a crime under the IPC.

• Cyber Security Policy, 2013

For the first time in history, in the year 2013 India introduced its national level cyber security policy. This policy lays down the broad framework for upholding and protecting the cyber space security. The main aim of this policy is to create a broad umbrella of cyber security framework in the country so that the Indian cyber space is secure and free from any kind of attacks both by terrorists and other anti-social elements. However, there is a need to amend this policy to encompass newer methods of ensuring the safety of the ever-evolving cyber space.

Conclusion

The legal systems around the globe are, with every passing year, trying to implement new measures to combat cyber terrorism. However, with more innovative ways of working in the cyber space, more loopholes are formed which will have to be filled in by the countries by amending the procedures and the laws in force to tackle cyber terrorism. Moreover, a unified international framework should be in place to combat this global issue. Further, the public should be made aware of the threats and the ways and means of dissemination and how to deal in case of terrorist attacks.

All these measures will go a long way in establishing a secure cyber space desired by the citizens.