Investigations are on in all three cases and more and more revelations are coming out. The initial arrests have been made. Some of the issues that haunt the Indian cyber march — like security of BPOs, cyber extortion and confidentiality and security of data — have been highlighted.

No doubt these incidents create awe about the extent to which cyber crimes are growing in our country, but at the same time they also show the helplessness that we still have in curbing such incidents. The good part is that cyber crimes are being reported because in most cases such incidents are generally hushed up to prevent embarrassment to the organisations involved. With IT penetration increasing and more and more people moving on to the online convenience of communicating, banking and shopping, such incidents reflect on the state of our preparedness in issues of technological regime. While India has had cyber legislation for a few years in the form of the Information Technology Act 2000, the past few incidents have shown that these laws need to be revamped to incorporate more possibilities. The call for more stringent punishment in the existing clauses and a separate data protection law are being again called for. Similarly, the readiness of the police force to deal with techno crimes is still much below the desired level on a national scale, although the police have done an excellent job in investigating some of the cases. There needs to be more involvement both in terms of cyber surveillance and cyber forensics. Likewise the responsibility of organisations like HSBC or Airtel has to be of the highest order and they need to install and ensure robust security practices.

While these incidents have resulted in awareness and a few remedial steps, they are still seen mainly as questions of commerce and privacy. The fact that today terrorists and organised syndicates use cyberspace for communicating and even launching attacks is still not being taken seriously. The implications of such incidents from a national security point of view are yet to be investigated. The absence of the geographical barrier makes it possible for such crimes to have major impact on our security. One of the biggest usage of the internet by terrorists is for collecting funds. Therefore, banking operations have to be conducted amidst the highest order of security and confidentiality. Likewise, the call records of government functionaries must be protected from hackers.

Globally, the advanced nations have looked at all forms of cyber attacks under something known as the critical information infrastructure protection (CIIP). This CIIP policy is a comprehensive one, where the critical information infrastructures are defined, and measures are taken to deal with all forms of cyber attacks. In India we are yet to have a CIIP policy although issues related to cyberspace are being dealt with more and more. While at the highest level we have the National Information Board (NIB) under the National Security Advisor to look at policy issues relating to cyberspace, there is almost no action from the NIB because it rarely meets. Most efforts are by the ministry of communications & IT through the offices of the Controller of Certifying Authorities (CCA) and the Computer Emergency Response Team (CERT-IN). CERT-IN has so far been doing a good job by sending the right alerts but nowhere in the government set-up are such advisories understood in their full ramifications.

These three incidents should stir us to more action so that we are ready with a policy to handle them professionally.