Cybercrime on the rise

In News 

There has been a steady spike in cases of cybercrime in India  in the last five years.

• According to the National Crime Records Bureau (NCRB), from 12,317 cases of cybercrime in 2016, there were 50,035 cases registered in 2020. 

Cyber Crime in India

• In India, cyber crime can be defined as unauthorised access to some computer system without the permission of the rightful owner or place of criminal activity and include everything from online cracking to denial of service attacks. 

• Examples: 
  • Phishing, Spoofing, DoS (Denial of Service) attack, credit card fraud, online transaction fraud, cyber defamation, child pornography, etc.

Reasons for increasing Cyber Attacks in India

• Increasing dependency on technology: In India, cybercrime is increasing with the increased use of information and communication technology (ICT).Growing digital reliance in the post-COVID era has exposed digital disparities .

• Limited capacity enforcement agencies: the capacity of the enforcement agencies to investigate cybercrime remains limited.India’s approach to cyber security has so far been ad hoc and unsystematic. 
  • With ‘police’ and ‘public order’ being in the State List, the primary obligation to check crime and create the necessary cyber infrastructure lies with States. At the same time, with the IT Act and major laws being central legislations, the central government is no less responsible to evolve uniform statutory procedures for the enforcement agencies. 

• Lack of International Coordination: International cooperation and consensus is missing in this field.
• No procedural code : There is no separate procedural code for the investigation of cyber or computer-related offences. 
• Shortage of technical staff :there have been half-hearted efforts by the States to recruit technical staff for the investigation of cybercrime.
  • A regular police officer, with an academic background in the arts, commerce, literature, or management may be unable to understand the nuances of the working of a computer or the Internet.
• Low digital literacy among the general public and digital gaps amongst nations create an unsustainable environment in the cyber domain.

Government Initiatives To Tackle Cyber Crime in India 

• Banning of unsafe apps: India had banned apps that posed a threat to security.
  •  India had banned many apps (mostly of Chinese origin), which were found to be unsafe for usage by Indian citizens.
• The Indian Computer Emergency Response Team (CERT-In):
  • It operates as the national agency for tackling the country’s cybersecurity, and has helped in lowering the rate of cyber attacks on government networks. 
• Indian Cyber Crime Coordination Centre (I4C)
  • To act as a nodal point in the fight against cybercrime
  • To prevent misuse of cyber space for furthering the cause of extremist and terrorist groups
• National Critical Information Infrastructure Protection Centre (NCIIPC)
  • It is a central government establishment, formed to protect critical information of India, which has an enormous impact on national security, economic growth, or public healthcare. 
• Cyber Swachhta Kendra: Cyber Swachhta Kendra helps users to analyse and keep their systems free of various viruses, bots/ malware, Trojans, etc.
  • Launched in early 2017.
• Cyber Surakshit Bharat: It was launched by the Ministry of Electronics and Information Technology (MEITy) in 2018 with an aim to 
  • spread awareness about cybercrime and 
  • building capacity for safety measures for Chief Information Security Officers (CISOs) and frontline IT staff across all government departments.
• The Cyber Warrior Police Force: It was organised on the lines of the Central Armed Police Force in 2018.

• Information Technology Act, 2000 (Amended in 2008): It is the main law for dealing with cybercrime and digital commerce in India.
  • National Critical Information Infrastructure Protection Centre (NCIIPC) was created under Section 70A of IT Act 2000 to protect Cyberinfrastructure.
• BIS guidelines : The broad guidelines for the identification, collection, acquisition and preservation of digital evidence issued by the Bureau of Indian Standards (BIS) is fairly comprehensive and easy to comprehend for both the first responder (who could be an authorised and trained police officer of a police station) as well as the specialist (who has specialised knowledge, skills and the abilities to handle a wide range of technical issues). 
  • The guidelines, if followed meticulously, may ensure that electronic evidence is neither tampered with nor subject to spoliation during investigation.
• Judicial Intervention : a five-judge committee was constituted in July 2018 to frame the draft rules which could serve as a model for the reception of digital evidence by courts.
  • The committee suggested Draft Rules for the Reception, Retrieval, Authentication and Preservation of Electronic Records are yet to be given a statutory force.

Way Forward 

• It is essential that State governments build up sufficient capacity to deal with cybercrime. It could be done either by setting up a separate cyberpolice station in each district or range, or having technically qualified staff in every police station.

• Upgrade cyber labs: the cyber forensic laboratories of States must be upgraded with the advent of new technologies.
• The central government has proposed launching a digital rupee using blockchain technology soon. 
  • State enforcement agencies need to be ready for these technologies.
•  Need for localisation: Most cyber crimes are trans-national in nature with extra-territorial jurisdiction. The collection of evidence from foreign territories is not only a difficult but also a tardy process. Therefore, ‘data localisation’ must feature in the proposed Personal Data Protection law so that enforcement agencies are able to get timely access to the data of suspected Indian citizens. 
• The Centre and States must not only work in tandem and frame statutory guidelines to facilitate investigation of cybercrime but also need to commit sufficient funds to develop much-awaited and required cyber infrastructure.

• The critical infrastructure managers should also be well trained in cyber warfare and well equipped with all the technologies for isolating viruses and attacks.