Survey on need for Cyber Security in India

Deepa.T.P.,
Assistant Professor, Department of CSE,
Acharya institute of Technology, Bangalore, Karnataka, India
deepatp@acharya.ac.in

pornography, sexual exploitation, drug trafficking,

human trafficking, terrorism, fraud etc.
Abstract: Technology of today has advanced to the extent
that doctors can diagnose diseases when patient is sitting at
home watching tv, communicate with friends across the world
1.1 Why Cyber Crime is more now days?
in few seconds, pay bills just by clicking a button. Though the There are 5 common trends which give chances to
benefits are great but also one should consider or think about cyber crime:
the complexities and dangers. Research says, more than 50% 1. More online transactions and digital data.
of onliners are victim of some for of cyber crime every year, Transaction and customer information, results
which includes computer viruses, malware, credit card fraud,
of product launches, and other market
online scams, phishing, and identity theft and so on. These
information are easily available. Creating
crimes will lead the country to lose millions of rupees or
valuable intellectual property online is an
dollars, also time and expenses to put back the things in right
directions. attractive target.
2. Comparatively Corporations and companies
1 Introduction are expected to be more transparent than

In 2009, compared to physical theft fraudulent before. Majority of people want to access to

money transfers has exceeded in bank branches of corporate networks through their mobile

United States. Crimes have gone up by 60% every year, devices for day to day activities. Though
in 2012, 3500 cases and 2070 in 2011 reported in India. smarter technology devices increases
As per report from National Crime records Bureau connectivity and but present latest types of
(NCRS), Maharashtra reports 561 cases, Andhra 454 security threats. Hackers can crack these
cases, Karnataka 437 cases in the year 2012 crimes securities and get an easy entry into corporate
which are done by age group of 18 to 30 [18].
Haryana networks.
registered 3 cases in 2011 but 116 in the year 2012 3. Malicious Software like viruses and spyware
which is a drastic raise. Compared to other crimes, this are strong enough to take the partial control of
cyber crime doesn’t require much investment and can main applications.
be done in various locations. These crimes originate 4. In business, customer and vendors are joined
from various sources and exhibits to the networks to increase their business
socio-educational/economic and technological factors profits. In December 2010, a famous E-
including addiction which also includes counterfering, business website was attacked by dozens of
economic crimes, money laundering, child people claiming to be part of the unnamed
group. They attempted to perpetrate a denial of
 2 Prof. Deepa.T.P.

service attack in retaliation for website to shut 1. Application security which is the use of
down payment services to other websites. software, hardware, and procedural methods to
More than a dozen hackers were arrested in protect applications from external threats. 
that crime. 2. Information security is the practice of avoiding
5. There is more technology advanced hackers, information from unauthorized access, use,
professional cyber crime organization. For disclosure, disruption, modification, perusal,
example, hacker receives payment to infect inspection, recording or destruction. IT
end user device with malware. Today’s Security and Information assurance are two
Malwares are difficult to trace and they steal major aspects of information security.
data for financial gain. Some people think that
they get more money if they become hackers 3. Network security which consists of the

compared to securers. provisions and policies adopted by a network

administrator. They prevent and monitor
unauthorized access, misuse, modification, or
2 What is cyber Security?
denial of a computer network and network-
The dictionary meaning says that Cyber Security is accessible resources. Network security
state of being protected against the criminal or involves the authorization of access to data in
unauthorized use of electronic data, or the measures a network, which is controlled by the network
taken to achieve this. It is the collection of tools, administrator. Users choose or are assigned an
policies, security concepts, security safeguards, ID and password or other authenticating
guidelines, risk management approaches, actions, information that allows them access to
training, best practices, assurance and technologies that information and programs within their
can be used to protect the cyber environment and authority. Network security covers a variety of
organization and user’s assets. Organization and user’s computer networks, both public and private,
assets include connected computing devices, personnel, that are used in everyday jobs conducting
infrastructure, applications, services, transactions and communications among
telecommunications systems, and the totality of businesses, government agencies and
transmitted and/or stored information in the cyber individuals.
environment.
Cyber security ensures the maintenance of the 4. Disaster recovery / business continuity
security properties of the organization and user’s assets planning - need to encompass how employees
against security risks in the networked environments. It will communicate, where they will go and how
is the body of technologies, processes and practices they will keep doing their jobs. The details can
designed to protect networks, computers, programs and vary greatly, depending on the size and scope
data from attack, damage or unauthorized access. of a company and the way it does business.
Elements of cyber security include: For some businesses, issues such as supply
chain logistics are most crucial and are the
focus on the plan. For others, information
 Survey on need for cyber security in india 3

technology may play a more pivotal role, and conditions to destabilize a network in unpredictable
the BC/DR plan may have more of a focus on ways.
systems recovery. For example, the plan at one The defense of cyberspace necessarily
global manufacturing company would restore involves the forging of effective partnerships between
critical mainframes with vital data at a backup the public organizations charged with ensuring the
site within four to six days of a disruptive security of cyberspace and those who manage the use of
event, obtain a mobile PBX unit with 3,000 this space by myriad users like government
telephones within two days, recover the departments, banks, infrastructure, manufacturing and
company's 1,000-plus LANs in order of service enterprises and individual citizens. The defense
business need, and set up a temporary call of cyberspace has a special feature. The national
center for 100 agents at a nearby training territory or space that is being defended by the land, sea
facility. and air forces is well defined. Outer space and
cyberspace are different. They are inherently
5. End-user education involves educating end international even from the perspective of national
users with various information attacks and interest.
how to avoid them. For example, while
registering password, tell end user what should
4 Methods of Attacks and avoidance
be the length and characteristics of complex
The most popular weapon in cyber terrorism is the use
password. Provide suitable education about
of computer viruses and worms. That is why in some
what are the precautions they have to take to
cases of cyber terrorism is also called 'computer
avoid cyber crimes. Also, sometimes actions to
terrorism'[1]. The attacks or methods on the computer
be taken in case if they are victim.
infrastructure can be classified into three different
categories.
3 Challenges in Cyber Security
(a) Physical Attack. The computer infrastructure is
Cyber security has been considered as one of the most damaged by using conventional methods like bombs,
urgent national security problems. A report says, in a fire etc.
speech during his presidential campaign, President (b) Syntactic Attack. The computer infrastructure is
Obama promised to “make cyber security the top damaged by modifying the logic of the system in
priority that it should be in the 21st century . . . and order to introduce delay or make the system
appoint a National Cyber Advisor who will report unpredictable. Computer viruses and Trojans are used
directly” to the President. in this type of attack.
Cyber security must address not only (c) Semantic Attack. This is more treacherous as it
deliberate attacks, such as from disgruntled employees, exploits the confidence of the user in the system.
industrial espionage, and terrorists, but inadvertent During the attack the information keyed in the system
compromises of the information infrastructure due to during entering and exiting the system is modified
user errors, equipment failures, and natural disasters. without the user’s knowledge in order to induce
Vulnerabilities might allow an attacker to penetrate a errors.
network, gain access to control software, and alter load
 4 Prof. Deepa.T.P.

The first step in protecting yourself is to recognize the intentionally negative impact to
risks and become familiar with some of the terminology stealing or altering information.
associated with them.
 Malicious code - This category
 Viruses - This type of malicious code requires
includes code such as viruses,
you to actually do something before it infects
worms, and Trojan horses. Although
your computer. This action could be opening
some people use these terms
an email attachment or going to a particular
interchangeably, they have unique
web page.
characteristics.
 Worms - Worms propagate without user
intervention. They typically start by exploiting  E-Mail Related Crime- Certain emails are used
a software vulnerability (a flaw that allows the as host by viruses and worms. E-mails are also
software's intended security policy to be used for spreading disinformation, threats and
violated), then once the victim computer has defamatory stuff.
been infected the worm will attempt to find  Denial of Service -These attacks are aimed at
and infect other computers. Similar to viruses, denying authorized persons access to a
worms can propagate via email, web sites, or computer or computer network.
network-based software. The automated self-  Cryptology-Terrorists have started using
propagation of worms distinguishes them from encryption, high frequency encrypted
viruses. voice/data links etc. It would be a Herculean
task to decrypt the information terrorist is
 Trojan horses - A Trojan horse
sending by using a 512 bit symmetric
program is software that claims to be
encryption.
one thing while in fact doing
something different behind the
5 Need for Cyber Security in India
scenes. For example, a program that
claims it will speed up your 9.4% houses in India have computer (any of Laptop or
computer may actually be sending Desktop). Chandigarh (U/T), Goa and NCT of Delhi are
confidential information to a remote top three stats/union territories with highest computer
intruder. usage.
According to 2011 Census, Only 3.1 percent of total
 Hacker, attacker, or intruder -
houses have Internet access in India. The census
people who exploit weaknesses in
covered 24,66,92,667(246.7 million) houses in India
software and computer systems for
and found only 76,47,473 (3.1%) of this houses use
their own gain. Though they do it for
Internet. The Internet includes both broadband and low-
curiosity,their actions are typically
speed connections.
in violation of the intended use of
According to Internet World Stats on June 30 2012,
the systems. The results can range
there were 2.4 billion internet users (2,405,510,175)
from creating a virus with no
worldwide. China was the largest countries in terms of
 Survey on need for cyber security in india 5

internet users with over 538 million users [19].

The
following graph (figure 1) shows top 20 internet
With all these statistics ensures that India as a fast
countries worldwide at mid-year 2012:
growing country especially in the field of information
technologies and E-commerce has a high alert for
Security for its online channels to monitor over frauds
and financial losses.

6 Cyber security initiatives in India

ISO 27001 (ISO27001) is the international Cyber
Figure 1: Internet usage in top countries world-wide at security Standard that provides a model for
year 2012. establishing, implementing, operating, monitoring,
Following graph (figure 2) shows the growth of E- reviewing, maintaining, and improving an Information
commerce in India, in 2011 it has reached 10000 Security Management System.
million USD.

6.1 India’s legal framework for cyber

security.
1. Indian IT Act, 2000
Section 65 - Tampering with computer source
code, Section 66 - Hacking & computer offences,
Section 43 – Tampering of electronic records
2. Indian Copyright Act
Figure 2: Increasing usage of E-commerce in India States any person who knowingly makes use of an
illegal copy of computer program shall be
Most of today’s transactions are online. The following
graph (figure 3) shows Indian payment type in the year punishable. Computer programs have copy right
2012 according to which is online transactions is more protection, but no patent protection.
[8]
.
3. Indian Penal Code
Section 406 - Punishment for criminal breach of
trust and Section 420 - Cheating and dishonestly
inducing delivery of property[6].
4. Indian Contract Act, 1872
Offers following remedies in case of breach of
contract, Damages and Specific performance of the
contract

6.2 Other Indian Government Initiatives

Figure 3: Percentage of usage of different online Indian government released National Cyber Security
payment methods in India Policy on July 2, 2013. This policy addressing the
 6 Prof. Deepa.T.P.

growth of information technology, increasing number direction of fighting against Cyber Threats and
of cyber crimes, plans for social transformation [6]
. It Cyber Attacks including Cyber Terrorism Against
has 14 objectives which includes enhancing the India, Cyber Warfare Against India, Cyber
protection of India’s Critical infrastructure to Espionage Against India, Critical Infrastructure
investigation and prosecution of cyber crime, Protection in India, Managing India’s Cyber
developing 50,000 skilled cyber security professionals Security Problems, Issues and Challenges, etc.
in next five years. 6.3 Indian Government Initiatives for
 Cyber Security Research And Development Education on Cyber Security
Centre Of India (CSRDCI) - This concentrates on
Information security awareness – This is launched
Techno Legal Cyber Security Issues of India and
from over a five years period. One of the objectives is
World Wide . This Platform and Website is
[5]
to create awareness about information security to
managed by Perry4Law, Perry4Law Techno Legal
children, home users and non-IT professionals in a
Base (PTLB) and Perry4Law Techno Legal ICT
systematic way. C-DAC Hyderabad has been assigned
Training Centre (PTLITC)[12]. the Cyber Security
this project.
Initiatives and Projects of PTLB at a single place.
Information security education and awareness
 Cyber Crimes Investigation Centre Of India -
project- Objectives are to train System Administrators
The Cyber Crime Investigation Centre of India
by offering Diploma Course in Information Security,
(CCICI) is the exclusive Techno Legal Cyber and
Certificate Course in Information Security, 6-weeks/2-
Hi-Tech Crimes Investigation and Training Centre
weeks training programme in Information Security,
(CHCIT) of India[7]. The objective of CCICI is to
train Government Officers of Center and State on
spread Cyber Law Awareness and Cyber Security
Information Security issues and Education Exchange
Awareness in India and abroad. Further, CCICI
Programme
also intends to develop Cyber Crimes Investigation
National Initiative for Cybersecurity Education
Capabilities and Expertise in India and abroad.
(NICE) - The goal of NICE is to establish an
 National Intelligence Grid (NATGRID) - This operational, sustainable and continually improving
Project of India is one of the most ambitious cyber security education program for the nation to use
Intelligence Gathering Project of India. It has been sound cyber practices that will enhance the nation’s
launched at a time when the Intelligence security[15].
Infrastructure of India is in a bad shape [11]
. It is an
essential requirement for robust and effective 6.4 Top colleges which offer cyber security
Intelligence Agencies and Law Enforcement course in india[17]
functions in India.  Indian Institute of Information Technology
- Allahabad, Uttar Pradesh
 National Critical Information Infrastructure Master of Science in Cyber Law and
Protection Centre (NCIPC) Of India - intends to Information Security
ensure critical infrastructure protection and critical
ICT infrastructure protection in India.
 National Cyber Security Database of India
(NCSDI) - This Database would work in the
 Survey on need for cyber security in india 7

 The Indian Institute of Information security administrators, network defense analysts, web
Technology Allahabad - Allahabad, Uttar security administrators, application security testers,
Pradesh
security analysts, forensic analysts, penetration testers
Master of Science in Cyber Law and
Information Security and security auditors. the job role would be to develop
and test IT products and services of organizations and
 Institute of Management and Technology -
Ghaziabad, Uttar Pradesh ensure that they are as secure as possible. Secure
MS in Cyber Law and Security programming, authorized hacking and network security
Post Graduate Diploma in Cyber Security surveillance are specializations in this domain.

 Amrita School of Engineering -

Coimbatore, Tamil Nadu Acknowledgement
Master of Technology- Cyber Security
This work was supported by our respected Principal,
 Amity University - Noida, Uttar Pradesh Acharya insititute of Technology, Bangalore. Head of
M.Tech - Information Security & Cyber department, Computer science and Engineering,
Forensics
Acharya institute of technology, Bangalore. I thank all
 Faridabad Institute Of Management my family members, colligues and friends who have
Studies - Faridabad, Haryana directly or indirectly supported my work.
Post Graduate Diploma in Cyber Security

 Institute of Management Technology - References

Ghaziabad, Uttar Pradesh The following are the comprehensive list of resources-
Post-Graduate Diploma in Cyber Security
[1] Col SS raghav: “ cyber security in india's counter
 Sarvodaya Law College - Bangalore, terrorism strategy”
Karnataka [2] Jeff Debrosse Research Director, ESET, North America: “
Post Graduate Diploma in Cyber Law and Cybersecurity Review”
Information Technology
[3] cyber security jobs:
http://articles.timesofindia.indiatimes.com
Conclusions
[4] http://www.cybersecuritycareers.com/
As there is a drastic growth in the e- [5] CSRDCI: http://perry4law.co.in/cs.html
commerce, internet or cyber security is a major issue in [6] Nandkumar Saravade, Director, Cyber Security and

the growing countries like India. According to recent Compliance NASSCOM : Cyber Security Initiatives in India
[7] CECSRDI: http://perry4law.org/cecsrdi/?p=123
survey , which announced in TOI that India will
[8] http://techinasia.com
require five lakh cyber security professionals by 2015
[9] www.nasscom.in
to support its fast growing internet economy as per an
[10] ptlb.in/ccici/
estimate by the Union ministry of information [11] en.wikipedia.org/wiki/NATGRID
technology. The financial sector alone is expected to [12] perry4law.org/cecsrdi/?p=735
hire over 2 lakh people while telecoms, utility sectors, [13] www.infosecawareness.in/
power, oil & gas, airlines, government (law & order and [14] www.isea.gov.in/

e-governance ) will hire the rest. Employment news [15] niccs.us-cert.gov/footer/about-nice

says - Based on academic background and work [16] https://secureninja.com/.../national-initiative-for-
experience, ethical hackers can don the roles of network cybersecurity-education-...
 8 Prof. Deepa.T.P.

[17] http://study.taaza.com/study/top-ten-college-
which-offer-cyber-security-course-in-india
[18] www.indiastats.com
[19] techcircle.vccircle.com › Feature