This article is written by Meenal Sharma, a student of Vivekananda Institute of Professional Studies. In this article, the author discusses the role of the economy in cybersecurity and the challenges faced by cybersecurity.
Cybersecurity or information technology security refers to the protection of data, devices, networks, programs, etc, from various attacks that can cause damage through unauthorised access. Today, cybersecurity is facing many challenges. In 2019, the World Economic Forum identified cyberattacks as one of the top five global risks. There is a need to protect products and services, and ensure that software works in an intended manner. Internet and economic development are correlated, so there is a need to regulate economic issues in cybersecurity. The economy is suffering due to a rise in cybercrime as a large amount of economic wealth is transferred through suspicious transactions. While the attacks made by cyber attackers are cheap, their profit margins are quite generous. Therefore, the government, as well as the enterprises, need to take various steps to deal with threats relating to cyberspace. In this article, we will discuss the economic issues and challenges faced by cybersecurity.
Role of the economy in cybersecurity
The Internet is correlated with economic development. Cybersecurity is related to the internet, and the data which is transmitted and stored on the internet. The importance of the data on the internet is increasing with the advent of digitisation of enterprises such as information industry, manufacturing industries, etc. The internet has impacted the economy to a large extent by allowing universal access to an exhaustive set of information. Cybersecurity plays a great role in protecting the infrastructure of various industries, thus, shaping the global economy. So, any risk to cyberspace will certainly affect the economy.
Economic issues related to Cybersecurity
With the increase in digitisation, cybersecurity has become a major issue. Research has found that corporations are losing huge amounts of money due to cybercrimes like IP loss, algorithm trading, and damage to financial and consumer data. The cybersystems are insecure while there is an increase in the number of network connections and devices. The community of attackers is becoming more advanced by improving their techniques.
Here, the economy of cybersecurity acts as a disadvantage to the cyber ecosystem as it favours the attackers.
- Cyber attacks are cheap and easily carried out.
- The profit margins of attackers are generous.
- Law enforcement is practically non-existent as only 2% of the cybercriminals are prosecuted.
- There is an imbalance among economic incentives, as certain technologies and business plans, such as cloud computing, undermine cybersecurity.
- Efficient business practices such as BYOD (Bring Your Own Device) cause problems with respect to security.
Cybercrime poses the greatest threat to every company as they can lose huge amounts of money because of it. Research shows that cybercrime amounts to the greatest transfer of economic wealth. It also risks the incentives for human innovation and investment. The National Association of Corporate Directors of the United States of America, in its Cyber Security Handbook, has identified 5 core principles to enhance cyber risk management for corporate boards. Following these principles will ensure a more secure cyber risk management system. They are:
- Firstly, it is essential to incorporate cybersecurity as an enterprise-wide risk management issue and not just an IT management issue.
- It is important to understand the legal implications of cyber risks as they are evolving quickly.
- Corporations should have access to cybersecurity professionals who have expertise in cyber risk management.
- There should be a cyber risk management team in every enterprise to deal with issues related to cybersecurity.
- Such a team must identify risks of cyber threats and avoid, mitigate and accept such risks through insurance.
Cyber laws in India
The Information Technology Act, 2000
The Information Technology Act 2000 regulates the use of computer software, computer systems, computer network including data and information in the electronic format. It deals with the evidentiary value of electronic transactions, digital signatures, cybercrimes, cybersecurity and data protection.
The following offences have been defined under the Act:
- Section 65: Tampering with computer source documents is punishable with imprisonment up to 3 years, or fine up to ₹2 lakh, or both.
- Section 66: Computer related offences such as causing computer resources to carry out a function with a dishonest or fraudulent intention in order to secure unauthorised access is punishable with imprisonment for a period of 3 years, or fine up to ₹5 lakh, or both.
- Section 66A: Sending offensive messages through communication service is punishable for a term which may extend to 3 years with fine.
- Section 66B: Dishonestly receiving or retaining stolen computer resource or communication device is punishable with imprisonment for up to 3 years, or a fine of ₹ 1 lakh, or both.
- Section 66C: Identity theft by use of a unique identification feature of another person such as electronic signature, password etc. is punishable for a term up to 3 years, and fine up to ₹ 1 lakh.
- Section 66D: Cheating by personation by using computer resources is punishable for a term up to 3 years and fine up to ₹ 1 lakh.
- Section 66E: Violation of privacy through capturing, publishing or transmitting an image of private areas of a person, irrespective of their consent, shall be punishable for a term up to 3 years, or fine up to ₹ 2 lakh, or both.
- Section 66F: Whoever commits or conspires to commit cyberterrorism by threatening the integrity, unity or sovereignty of the nation, or striking terror amongst the people of a country through gaining illegal access to restricted data or database, denial of service or introducing a virus etc. is punishable with imprisonment which may even extend to imprisonment for life.
- Section 67A: Publishing or transmitting material which contains sexually explicit acts in electronic form is punishable for a term that may extend to the imprisonment of 5 years and fine up to ₹10 lakh. A subsequent conviction is punishable for a term which may extend to the imprisonment of 7 years and fine up to ₹10 lakh.
- Section 67B: Publishing or transmitting material depicting children in sexually explicit acts in electronic form is punishable with imprisonment for up to 5 years and a fine of up to ₹10 lakh. A subsequent conviction is punishable with imprisonment up to 7 years and fine of ₹10 lakh.
- Section 67C: Preservation and retention of information by intermediaries is punishable with imprisonment up to 3 years and a fine.
- Section 71: Misrepresentation by suppressing facts from the Controller or the Certifying Authority for obtaining electronic signature or licence is punishable with imprisonment of up to 2 years, or fine of ₹1 lakh, or both.
- Section 72: Breach of confidentiality and privacy by any person in pursuance of the power conferred under the IT Act is punishable with up to 2 years of imprisonment, or fine of ₹1 lakh, or both.
- Section 72A: Disclosure of information in breach of a lawful contract by a person such as an intermediary who has secured access to personal information of another person intending to cause wrongful loss is punishable with up to 3 years imprisonment, or a fine of ₹5 lakh, or both.
- Section 73: Publishing electronic signature certificate with the knowledge that it is false is punishable for up to 2 years of imprisonment, or fine up to ₹1 lakh, or both.
- Section 74: Publishing electronic signature certificate for fraudulent purposes is punishable with imprisonment up to 2 years, or fine up to ₹1 lakh, or both.
- Section 75: This Act will also be applicable for offences or contraventions committed outside India.
National Cybersecurity Policy 2013
The document of National Cybersecurity Policy 2013 outlines a roadmap for the creation of a framework to deal with cybersecurity at all levels throughout the country. Its vision is to build a secure cyber ecosystem. The mission is to protect the data in cyberspace, build the potential to ensure, prevent and deal with cyber threats, and minimise damage from cyber crimes through enhanced technology, practice and process.
The strategies under this policy include the creation of a secure cyber ecosystem through mechanisms for security threats such as National Computer Emergency Response Team (CERT-In) to coordinate cybersecurity efforts, crisis management and emergency responses. They also include securing e-Governance by implementing wider use of Public Key Infrastructure (PKI), and protecting critical information infrastructure through the nodal agency, the National Critical Information Infrastructure Protection Centre (NCIIPC). The policy also encompasses capacity building through education and training programs for human resource development.
Recent Steps taken by the government
- Cyber Surakshit Bharat Initiative: It was launched in 2018 to build safety measures for Chief Information Security Officers (CISOs) and IT staff who are at the frontline in various government departments.
- National Cyber Security Coordination Centre (NCCC): It was developed in 2017, and it mandated that internet traffic be scanned, including little snippets of information inside each communication, to detect cyber threats in real time.
- Cyber Swachhta Kendra: This was a platform introduced in 2017 which allowed Internet users to wipe out viruses and malware from their computers.
- Information Security Education and Awareness Project (ISEA): Under this project, about 1.14 lakh people were trained through 52 institutions to raise awareness by research and education in the field of IT.
- International cooperation: India has tied up with countries like the United States, Singapore, Japan, etc. to create a secure cyber ecosystem and has also signed agreements that will help India to deal with cyber threats in a sophisticated manner.
Mechanisms regulating cyberspace at the international level are:
- International Telecommunication Union (ITU): ITU is a specialised agency of the UN which aims to standardise and develop telecommunication and cybersecurity laws.
- Budapest Convention on Cybercrime: The Budapest Convention came into force on 1 July 2004. It addresses cybercrime by harmonizing national laws, increasing cooperation among states and improving investigative techniques. However, India is not a signatory to it.
- Internet Governance Forum (IGF): IGF was first convened in October/November 2006. It is a forum for the government, private sector and civilians allowing governance debates on the internet.
- Internet Corporation for Assigned Names and Numbers (ICANN): ICANN is a non-profit organisation that coordinates the maintenance along with procedures of various databases in order to ensure a stable and secure network.
Some of the challenges to cybersecurity are:
- With the advent of digitisation, there is an increase in the number of mobile users and users of other digital devices which increases the scope for cybercrimes.
- Most of such devices lack the requisite security infrastructure.
- Internet technology has become so advanced that it is fairly difficult to point out the liability as well as the cause of action.
- The cyber attackers are more advanced than the adopted defence technology.
- There is a lack of awareness about cybersecurity and officials are not efficiently trained to deal with cybersecurity management.
Cyberspace is a great threat to the economy. The threat to cyberspace could be managed by taking the following measures:
- Follow secure practices and enable the Internet of Things (IoT) with current tools and updates with the best methods.
- Real-time intelligence and Artificial Intelligence are required to deal with the attacks of cybercrime.
- Spreading awareness about cybersecurity with respect to risk management and Information Technology.
- Universal adherence to cyber norms and International law for ensuring responsible state behaviour.
- There must be cooperation amongst nations for creating secure cyberspace.
- Countries should make efforts towards training and building human resources skilled in cyber risk management.
- Creation of deterrence capabilities in cyberspace.
- All countries should make collective efforts to create a multi-stakeholder model of governance and knowledge economy which could help to build a prosperous economy.
- There is a need for an international convention on cyberspace as cybersecurity is not just a national but an international issue.
Cyberspace is expanding day by day with a simultaneous increase in network connections. With this, the threat of cyber risks is also increasing. The Information Technology Act, 2000 lays down various cyber crimes along with their penalties and punishments. The nation’s economy is the most vulnerable area as a huge amount is lost due to IP loss, attack on trading algorithms, etc. There is a need for more stringent measures to be taken at both the national and international level. Awareness should be spread with respect to cybersecurity and countries should strengthen their human resources by training them to deal with cyber risk management. Moreover, cyber threats can be controlled by improving data and understanding, as well as incorporating methods to use resources wisely. Various countries have adopted measures such as data sovereignty, internet governance, data localisation etc. The government can improve the economics of cybersecurity by monitoring cybersecurity incidents and their responses.