India Forms New Cybercrime PanelGroup Tasked with Creating Roadmap to Fight Crime
India's Union Home ministry has formed a five-member panel to devise a roadmap to tackle cybercrime. But do the members have the experience necessary to fulfill the mission? This is the question being raised by cybersecurity experts in the wake of the news.
See Also: Ransomware Recovery in the 'New Normal'
The discussion arises with India's Union Home Minister Rajnath Singh announcing the formation of a five-member expert group of leading academicians and professionals to tackle cybercrime.
"India, with a fast-growing economy, is susceptible to international and domestic cyber-attacks, and there is a need to ensure a cybercrime-free environment," says the home ministry in a statement announcing the new panel.
The group includes CDAC (Pune) Director-General Rajat Moona; Professor Krishnan from Indian Institute of Science, Bengaluru; CERT-In Director-General Dr. Gulshan Rai; Manindra Aggarwal of IIT-Kanpur; and D. Dass of IIIT-Bengaluru. Joint Secretary (Centre-State) Kumar Alok will be the convenor.
It is an academics-heavy group, and this is a disadvantage, some critics say, because some members lack hands-on experience tackling cybercrime.
"The government could have considered people from cybersecurity who practically face these threats," says Gurgoan-based Rakshit Tandon, director of A & R Info Security Solutions Pvt Ltd and adviser on cybercrime for the Uttar Pradesh Police. "Besides, many law enforcement officers with good experience in this field can be included."
Reached for comment about this new panel, Indian security experts say it is critical for this group's roadmap to lay out a pragmatic trajectory with a strict implementation timeline. Among key topics to be included in the roadmap, the experts say: information sharing; a rapid action force to counter threats; cybersecurity education among educational institutions and citizens; and formation of cyber-crime cells in multiple regions.
More Practical Experience Needed?
While the panel has been asked to design a plan of action to effectively tackle the cybercrime menace and to recommend new parameters for public/private partnerships, experts express serious doubts about its capabilities. The chief criticism: members from the government and academia have little professional exposure to actual cybercrime scenarios.
Mumbai-based LS Subramanian, security consultant and founder of NISE, an IT solutions company, says the committee consists of eminent personalities, but questions whether that is enough. "Professionals from professional organizations like ICAI, ISACA, CSA, CSI, IBA, NASSCOM and IEI should have been considered - they are security professionals who are certified as well."
Tandon does endorse, however, the inclusion of Dr. Gulshan Rai on the team, given his proven knowledge and understanding of cybersecurity matters.
The Panel's Agenda
Many security experts agree that the group faces a mammoth task and must invite opinions and ideas from as many hands-on cybersecurity professionals as possible. Among the immediate tasks: Tackle cybercrime incidents, growing at the rate of 79 percent since 2013, and face the challenge of inadequate software available across cybercrime cells to crack cases.
The group also must come up with a strategy to handle emerging cybercrime threats as stated by CERT-In, including phishing, ransomware and malicious code, as well as website intrusions.
"Also, it may be good to grade the recommended action plans as immediate, near future and future," Subramanian says.
Strategists say the panel's key objective must be to present its recommendations as a national cybersecurity strategy version 1.0, which can be discussed, modified and transformed into action items to implement.
Subramanian recommends some specific cybersecurity strategy measures, including:
- Formation of a rapid action force to counter cybersecurity attacks on India;
- New easily understood and implementable cybersecurity laws for India;
- A strategic road map for training 1 million cybersecurity professionals by 2020;
- Establishing a separate law enforcement and policing cell for cybercrime and cyber-attacks.
Further, Chennai-based Ramesh Bhashyam, secretary of Cyber Security Association-Chennai Chapter, advises forming cybercrime cells at all regions, including metros and districts, which can drive educational campaigns for citizens on cybercrime and defence measures.
Bhashyam, along with other experts, believes that citizen education on the use of tools to counter cybersecurity threats must be taken up as an important counter-measure.
Many experts agree that the road map should recognize the cybercrime challenges faced by law enforcement agencies. The most important ingredient, Tandon says, is building capability and capacity, and not just conducting vulnerability assessment and penetration testing or offering occasional classes.
"A proper curriculum and training program should be in place in collaboration with National Police Academy, National Disaster Management Authority and other institutions," Tandon says.
Speed Is Key
Speed is of the essence, experts say - both for the panel to conduct its work, and for India to improve its national response to cybercrime. Government agencies and businesses must become proactive in stopping cybercrime activity in real time, they say. And the banking and insurance sectors especially must exceed regulatory mandates to help prevent financial fraud.
One important change would be to recognize electronic communication between various states, so that an arrest warrant can be digitally signed and sent between states to enable the quick arrest of suspected criminals.
Also, agencies must be given the tools to create proactive dashboards for officers to share knowledge about new threats and vulnerabilities.
"The use of secure digital collaboration tools could accelerate the process of collecting inputs from cybersecurity professionals and also ensure smooth running and better outcome," Subramanian says.