Computers and the internet are becoming an essential part of this modern era.
They are being used by individuals and societies to make their life easier. Like
storing information, sending and receiving messages, processing data,
communications, controlling machines, typing, editing drawing designing,
drawing, working in offices almost all aspects of life. The tremendous role of
computers stimulated criminals and terrorists to make it their preferred tool
for attacking their targets. In this era of internet "Cyber Crimes" increases
day by day.
'Cyber crime' is not radically different from the 'Conventional Crime'. Both
include conduct whether act or omission, which causes breach of rules of law and
counter balanced by the sanction the state. Cyber crime is a "crime against
individual or organization by means of computer". And this crime is committed in
a network environment or on internet. Computer is either a tool or target or
both for committing this type of crime.
There are various types of Cyber crimes
like some are, Identity Theft, Carding, Hacking, Web jacking Cracking, Cyber or
Child pornography, Cyber stalking, Cyber squatting, Computer fraud or forgery,
Cyber Terrorism, Cyber warfare. A person who commits a cyber crime is called as
"Cyber Criminal". They can be children and adolesce''nts both.
Cyber Terrorism is one the harmful crime in all cyber crime. The cyber crimes
which affect the national security are cyber welfare and cyber terrorism. The
unlawful attacks and threats of attack against the computer, network and the
information stored therein. Cyber terrorist attacks on the internet of many
academics, government and intelligence officials sites etc.
Cyber terrorism is
the convergence of terrorism and cyber space. Section 66F of Information
Technology act related with Cyber terrorism and its punishment. The 1998 email
bombing by the Internet Black Tigers against the Sri lankan embassies was
perhaps the closest thing to cyber terrorism that has occurred so far.
The cyber crimes which affect the national security are Cyber Warfare and Cyber
Terrorism. Unlawful attacks and threats of attack against the computer, network
and the information stored therein. Cyber terrorism defined to be "the
premeditated use of disruptive activities, or the threat thereof, in cyber
space, with the intention to further social, ideological, religious political or
similar objectives or to intimidate any person in furtherance of such
cyber terrorism, a term first coined by Barry Collin in the 1980s, is
the convergence of terrorism and cyberspace. It involves an attack over a
computer network(s) for the political objectives of terrorists to cause massive
destruction or fear among the masses and target the government(s).
cyber terrorism aims to invade cyber networks responsible for the maintenance of
national security and destroy information of strategic importance.
It is one of
the biggest threats to the security of any country, capable of causing loss of
life and humanity, creating international economic chaos and effecting ruinous
environmental casualties by hacking into various critical infrastructure (CI)
systems. The notable characteristic of cyber terrorism is to use its economic
competence to clinch inordinate effects of terror over cyber and real world
through cyber-crafted means, like destruction of cybernetwork, denial of service
attacks and data exfiltration.
Dangers created by cyber terrorism warrant immediate global consideration.
However, states have been ineffective in advancing a consensual approach by
which varied acts of terrorism in cyberspace can be brought under the
nomenclature of cyber terrorism. Currently, no universally agreed definition for
cyber terrorism exists, even though it has been acknowledged internationally as a
major risk to global peace.
It is probably because of the saying, 'one man's
terrorist is another man's freedom fighter'. Subsequently, different
perspectives over the elemental constituents and definitions of cyber terrorism
will be contemplated.
Cyber terrorism is a global concern, which has domestic as well as international
consequences. It becoming very serious issue and it covers wide range of
attacks. This cyber terrorism is starkly different from common internet crimes
like money fraud or identity theft in that it can involve use of technology to
destroy or divert the system and infrastructure cause injury and death and
undermine economies and institutions.
To accomplish their goals, cyber
terrorists target the computer systems that control the electric power grids,
air traffic control, telecommunications networks, military command systems theft
of intellectual property violation of patent, trade secret, or copy rights laws,
to make unauthorized copies of classified data and financial transaction.
Definition of cyber terrorism:
cyber terrorism is unlawful attacks and threat of attacks against computers,
networks, and information stored therein, that is carried out to intimidate or
coerce a government or its people in furtherance of some political or social
objectives. It is the 'premeditated, politically motivated attacks by
sub-national groups or clandestine agents against information, computer systems,
computer programs and data that results in violence against non-combatant
It aims at seriously affecting information systems of private
companies and government ministries and agencies by gaining illegal access to
their computer networks and destroying data. cyber terrorism, as a small landmass
of the vast territory of terrorism, uses cyberspace as a target or means, or
even a weapon, to achieve the predetermined terrorist goal. In other words, it
is the unlawful disruption or destruction of digital property to coerce or
intimidate governments or societies in the pursuit of religious, political or
ideological goals. It is an act of politically influenced violence involving
physical damage or even personal injury, occasioned by remote digital
interference with technology systems.
cyber terrorism not only damages systems but also includes intelligence gathering
and disinformation. It even exists beyond the boundaries of cyberspace and
incorporates physical devastation of infrastructure. The NATO defines
cyber terrorism as 'cyber attack using or exploiting computer or communication
networks to cause sufficient destruction or disruption to generate fear or
intimidate a society into an ideological goal'. The most acknowledged definition
of cyber terrorism is of Professor Dorothy E. Denning, as an unlawful attack
against computer networks to cause violence against any property or person(s),
intending to intimidate a government.
Need to Study:
- To study the Conecpt of Cyber crimes or Cyber Terrorism.
- Cyber terrorism in India and its punishment in Indian Law.
- Initiatives taken by World and our country for the Cyber terrorisms.
There is a need to study to know how dangerous is cyber crimes & its effects and
its punishments & policies in our country. To find some measures to prevent
minimum cyber terror attack.
Statement Of Problem:
By doing some research it came to light that negligence people will create
source for the cyber terrorist. There is a need of strict restriction for
outsiders for using internet and stock of information and resources which is
openly available on internet because it will become the sources for cyber
attacks. There is also lack of Cyber Security in our country.
Cyber Terrorism is increasing day by day after all policies and laws of the
government so its necessary to strict our Security system, policies initiatives
and punishments too against cyber terrorism.
The methodology adopted for preparing this paper is based on a qualitative
explanation. There is the use of Secondary resources like books, research
papers, digital resources, various sites, etc. for data and information
Scope of Cyber terrorism:
While studying cyber terrorism, it is imperative to discern the two aspects of
usage of cyber technology by terrorists: (i) to facilitate their terror
activities; and (ii) to use cyberspace as a weapon to target the virtual
population or execute terror activities.
It is clear from the discussion here that cyber crime and cyber terrorism are not
coterminous. Most definitions of cyber terrorism establish a restricted
functional framework for the scope of cyber terrorism. For a cyber attack to
qualify as an act of cyber terrorism, it must be politically motivated; cause
physical or other forms of destructions or disruptions, like attacks affecting
the unity, integrity and sovereignty of a country; cause loss of life (such as
use of cyber networks in 26/11 Mumbai terror attack); and result in grave
infrastructural destruction or severe economic losses. The use of cyberspace and
information and communication technologies (ICTs) by terror outfits to
facilitate their functional activities (like organisational communications)
should be considered as cyber crime. Reckoning the 'facilitating part' under the
definition of cyber terrorism would intensify the scope of cyber terrorism and
augment the problem to be rectified.
Threats posed by cyber terrorism:
cyber terrorism poses critical security threats to the world. The CIs, like
nuclear installations, power grids, air surveillance systems, stock markets and
banking networks, are dependent upon cyberspace. This functional dependence has
made CIs vulnerable to Cyber terror attacks and increased the scope for
Cyber terror footprints exponentially. Most CIs globally are poorly
protected. Therefore, Cyber terror attacks on CIs can cause egregious damages to
the society. Further, today there is a persistent threat of sensitive
information of national interests being stolen by terrorists, destruction of
computer networks or systems superintending the functioning of CIs.
Objectives of Cyber Terror Attack:
Cyber terrorism is based on specific objectives, such as:
Possible Targets of Cyber terrorists:
- Like, air traffic, military networks, financial and energy systems,
telecommunications and others, to cause physical devastation.
- Cause disruptions sufficient to compromise the industrial and economic
operations of a country. A Cyber terror attack thwacks a large part of the world
population and causes monetary disorder and loss of data.
- Cause physical injuries, loss of lives, explosions, crashing of aircraft and
other aerial vehicles, theft of technology and privileged information.
- Move beyond the realms of destruction and send a signal of ferocious disruption
and fear to governments.
Cyber attacks by terrorists majorly focus on two domains: control systems and
data in cyberspace. Consequently, the security challenges against Cyber terror
attacks generally vary across these two scopes. The first possibility is that
terror outfits, such as Al-Qaeda and the Islamic State (IS), would exploit the
information space to launch a cyber attack to ruin the CI facility of a
particular state (Kudankulam Nuclear Power Plant cyber attack).
In the second
instance, the Internet is abused to attack webspace or other trivial frameworks
for their political intents, coalesced with the likeliness that such virtual
attacks could turn adamantly grave to the point of being catalogued as a
Cyber terror attack.
Exploitation of Cyberspace by Terrorists:
Terrorist organisations use cyberspace for recruitment, command and control and
spreading their ideology. Internet being the largest reservoir of knowledge has
fuelled terror outfits to use this quality to set up virtual training camps in
cyberspace. In 2003, Al-Qaeda established its first online digital repository,
providing information on matters ranging from bomb-making to survival skills.
Today, the Internet is used by multiple self-radicalised patrons as a resource
Cyberspace has emerged as a new operational domain for terror and
extremist establishments, appending new dimensions to cybersecurity of
precluding online jihadist recruitment, radicalisation and raising of funds. The
terror outfit of IS has manoeuvred this stratagem and used it proficiently for
The militant group was able to recruit 30,000 fighters through social
media. Social media subsequently helped the group to establish its franchises
and expand its base in different countries. Additionally, terrorists use
Internet proficiency to reach out to masses to inspire acts of terror as well as
disseminate their messages.
There are various incidents of Cyber Terrorism in our Country and some are
In 1998, etlinic Tamil guemllas swamped Sri Lankan embassies with 800 e-mails a
day over a two-week period. The messages read "We are the Internet Black Tigers
and we're doing this to disrupt your communications." Intelligence authorities
characterized it as the first known attack by terrorists against a country's
During the Kosovo conflict in 1999, NATO computers were blaste witli e-mail
bombs and hit with denial-of-service attacks by hacktivists protesting the NATO
bombings. In addition, businesses, public organizations, and academic institutes
received highly politicized virus-laden e-raaiis from a range of Eastern
European countries according to reports. Web defacements were also common.
Since December 1997, the Electronic Disturbance Theater (EDT) has been
conducting Web sit-ins against various sites in support, of the Mexican
Zapatistas. At a designated time, thousands of protestors point their browsers
to a target site using software that floods the target rapid and repeated
download requests. EDT's software has also been used by animal rights groups
against organizations said to abuse animals. Electro hippies, another group of
hacktivists, conducted Web sit-ins against the WTO when they met in Seattle in
One of the worst incidents of cyber teirorists at work was when crackers in
Romania illegally gained access to the computers controlling the life support
systems at an Antarctic research station, endangering the 58 scientists
involved. More recently, in May 2007 Estonia was subjected to a mass cyber
attack by hackers inside the Russian Federation wliich some evidence suggests
was coordinated by the Russian government, though Russian officials deny any
knowledge of this. This attack was apparently in response to the removal of a
Russian World War II war memorial from downtown Estonia.
Cyber Terrorism versus Conventional Terror Attacks:
Cyberspace offers anonymity, easy access and convenience to terrorists to reach
the masses without much monetary expenditure. The ubiquitous cyberworld enables
terrorists to launch cyber attacks having far-reaching impacts and causing
staggering damages, more critical than physical attacks. Traditional terror
attacks are restricted to the physical limits of the place of attack.
while people outside the territorial limits of the attack do read and observe
such incidents, they do not get affected directly. A Cyber terror attack,
however, encompasses the potential of affecting millions without any territorial
limitations; at times, it is more enigmatic to find the perpetrator and trace
the point of origin of Cyber terror attacks.
Hence, cyberspace facilitates Cyber terrorists by enabling them to have a far greater reach than ever before.
Further, global interconnectivity of cyberspace results in proliferation of
potential targets for terrorists to attack, making it more dangerous than other
terror attacks. Such unmatched capabilities of cyber terrorism give terrorists
extraordinary leverage to engender more harm to society.
Thus, different factors make cyber attacks a capitative choice of terrorists:
Initiatives taken to mitigate Cyber terror attacks worldwide:
- cyber terrorism constitutes a low-cost asymmetric warfare element for terrorists
as it requires fewer resources in comparison to physical terror attacks. The
terror groups can inflict more damage to people and society with the same amount
of funds. Thus, the benefit–cost ratio for a Cyber terror attack is very high.
- Cyberspace provides anonymity, thereby enabling Cyber terrorists to hide their
identity. The Indian government had admitted in Rajya Sabha that attackers
compromise the computer systems situated in different locations of the globe and
use masquerading techniques and hidden servers to hide the identity of the
computer system from which the cyber attacks are propelled. It is the anonymous
nature of cyberspace that makes it arduous to attribute cyber attacks to any
- The CIs and other valuable state resources are not fully protected and thus
become an obvious target of Cyber terrorists. After designation of the target,
the cyber attack can be launched without any unwarranted delay and need for
- The Internet enables Cyber terrorists to initiate a cyber attack on any distinct
part of the world. Unlike physical terror attacks, there are no physical
barriers or checkpoints that block Cyber terrorists in the execution of
predetermined cyber attacks on designated targets. Likewise, cyber terrorism
involves less risk than physical terrorism.
- Cyberspace provides broad avenues for disseminating terror organisation
propaganda. It provides a larger audience for Cyber terror attacks, whose impact
goes beyond cyberspace to diverse systems.
The mushrooming menace of cyber terrorism has stimulated states and international
organisations to reform the global cybersecurity architecture for combating
Convention on cyber crime
The European Union's Convention on cyber crime, also called the Budapest
Convention, is the sole binding international convention on cyber crimes. It aims
at harmonising domestic laws, including an international cooperative framework,
and also proposes to improvise investigation techniques on cyber crimes for
member states. India is not part of this treaty.
United Nations (UN)
UN Global Counter-Terrorism Strategy: The strategy manifests the commitment of
all UN member states to eliminate terrorism in all forms. The resolution aims to
expand international and regional cooperation and coordination among states,
private players and others in combating cyber terrorism, and also seeks to
counter the proliferation of terrorism through cyber networks. The 2018
resolution over the sixth review of the strategy asks member states to ensure
that cyberspace is 'not a safe haven for terrorists'. It urges member states to
counter terrorists' propaganda, incitement and recruitment, including through
United Nations Office of Counter-Terrorism (UNOCT) : The UNOCT was set up on 15
June 2017, vide United Nations General Assembly (UNGA) resolution, following the
Secretary-General's report over UN's role to assist member states in
implementing UN counterterrorism strategy.
The UNOCT supplements the efforts of
member states against terrorism, including cyber terrorism. It provides
multi-stakeholder cooperation in securing the cyberspace of respective countries
from Cyber terror attacks. It has initiated various projects aimed at building
and upgrading capacity among states to combat cyber attacks and raising awareness
against cyber terrorism among masses.
United Nations Security Council (UNSC):
In 2017, UNSC adopted a resolution for
the protection of CI. The resolution asks the member states to establish
cooperation with all stakeholders at international and regional levels to
prevent, protect, respond and recover from cyber-enabled terror attacks over the
state CI. It also asks the states to share operational intelligence over the
exploitation of communication technologies by terror outfits. The UNSC
presidential statement in May 2016 recognised the requirement of global effort
to stop terror outfits from exploiting cyber networks.
Brazil, Russia, India, China and South Africa (BRICS) Counter-Terrorism Strategy
The strategy aims to counter international terrorism and its funding, enhance
cooperation in mutual legal assistance and extradition against terrorists,
improve practical cooperation among security agencies through intelligence
sharing, etc. The strategy resolves to 'counter extremist narratives conducive
to terrorism and the misuse of the Internet and social media for the purposes of
terrorist recruitment, radicalization and incitement.
Shanghai Cooperation Organisation (SCO)
The SCO has adopted several significant steps to counter the menace of
cyber terrorism. It established the Regional Anti-Terrorist Structure (RATS) in
2001 against terrorism. The 22nd session of SCO RATS council approved various
proposals to combat cyber terrorism, and also discussed the proposal to establish
a cyber terrorism centre. In 2019, SCO member states conducted
anti-cyber terrorism drills to prepare for future Cyber terror crisis.
2015, SCO submitted to UNGA an International Code of Conduct for Information
Security, proposing a secured and rule-based order in cyberspace. The code
suggests international cooperation among states to combat exploitation of ICTs
for terror-related operations. Furthermore, it specifies a code of conduct,
responsibilities of states and rights of individuals in cyberspace.
Cybersecurity and Infrastructure Security Agency (CISA) Act
The act establishes that the CISA will secure American cyber networks and CIs,
devise US cybersecurity formations and develop potential to defend cyber attacks.
Further, it secures the federal government's '.gov' domain network. It also
houses the National Risk Management Center (NRMC), which addresses most
strategic threats to the country's CI and crucial functions whose disruption can
have devastating impacts over American national interests, like security and
economy. In 2017, the US President issued an executive order (EO 13800) to
modernise US cybersecurity proficiencies against intensifying cybersecurity
threats over CIs and other strategic assets.
National Cyber Strategy of the US
The strategy, released in 2018, strengthens the US cyberspace to respond against
cyber attacks. It focuses on securing federal networks and CIs, as well as
combating cyber attacks. The cyber strategy primarily aims to protect American
people, preserve peace and advance American interests. It also provides for
military action to combat cyber attacks.
Israel launched its first-ever National Cybersecurity Strategy in 2017. The
policy document expounds the country's plan to advance its cyber robustness,
systemic resilience and civilian national cyber defence. The objective is to
develop an international collaboration against global cyberthreats, which
certainly includes Cyber terror threats. It also prioritises to defend Israeli
economic, business and social interests in cyberspace.
The Israel government passed several resolutions, like 3611, 2443 and 2444, to
expand institutional capacity for cybersecurity framework by establishing
National Cyber Directorate. Israel's cybersecurity framework focuses on four
The United Kingdom (UK)
- Improving domestic capabilities to confront futuristic and present-day
- Continuously upgrading and enhancing defence of CIs in the country.
- Fostering the republic's standing as an international hub for the development of
- Promoting effective coordination and cooperation among the government, academia
and private players.
The UK introduced the National Cyber Security Programme in 2015 to protect its
computer networks from cyber attacks. A five-year National Cyber Security
Strategy was also revealed in 2016 to make UK's cyberspace resilient from
cyber attacks and more secure by 2021. Further, in 2017, National Cyber Security
Centre was opened to respond to high-end cyber attacks.
Initiatives Taken In India:
Information Technology Act: Cyber terror Law of India
The Information Technology Act (hereafter the Act) sanctions legal provisions
concerning cyber terrorism. Section 66F of the Act enacts legislative framework
over cyber terrorism. It provides for punishment, extending to life imprisonment,
for cyber terrorism, along with three essential elements for an act to constitute
as cyber terrorism:
The act must intend to afflict terror in people's mind or jeopardise
or endanger the unity, integrity, security or sovereignty of India.
Act: The act must cause:
- unlawful denial of access to any legally authorised person from accessing
any online or computer resource or network;
- unauthorised attempt to intrude or access any computer resource; or
- introduce or cause to introduce any computer contaminant.
The act must also cause harm, like death, injuries to people, adverse
or destructive effect on the critical information infrastructure (CII), damage
or destruction of property or such disruptions likely to cause disturbances in
such services or supplies which are essential to life
Further, Section 66F also applies to instances where a person without any
authorisation or by exceeding his legitimate authorisation intentionally
penetrates or accesses a computer resource and obtains access to such data, or
information or computer base which has been restricted for Indian security
interests, or whose disclosure would affect the sovereign interests of India,
Protected Systems and CII The Act has a provision of 'protected systems',
empowering the appropriate government to declare any computer resource that
either directly or indirectly affects the facility of CII as 'protected system'.
Section 70(3) sanctions punishment up to 10 years with fine in case a person
secures or attempts to secure access to a protected system. The explanation
clause of Section 70 defines CII as: 'The computer resource, incapacitation or
destruction of which, shall have a debilitating impact on national security,
economy, public health or safety.'
The central government, under Section 70A of the Act, has designated National
Critical Information Infrastructure Protection Centre (NCIIPC) as the National
Nodal Agency in respect of CII protection. The union government has also
established Defence Cyber Agency to deal with matters of cyberwarfare and
Indian Computer Emergency Response Team (CERT-In) Section 70B of the Act
provides for the constitution of CERT-In to maintain India's cybersecurity and
counter cybersecurity threats against it. The CERT-In is expected to protect
India's cyberspace from cyber attacks, issue alert and advisories about the
latest cyberthreats, as well as coordinate counter-measures to prevent and
respond against any possible cybersecurity incident.
It acts as the national
watch and alert system and performs functions like:
- Collect, analyse and disseminate information on cybersecurity incidents;
- Forecast and issue alerts on cyber –incidents;
- Emergency measures to handle cybersecurity incidents;
- Coordinate cyber attack response activities;
- Issue guidelines, advisories, over cybersecurity measures, etc.
India has established domain-specific computer emergency response teams (CERTs)
to counter domain-specific cyberthreats and create a more secured cybersecurity
ecosystem in respective domains, like power grids and thermal energy. Further,
sectoral CERTs in the cybersecurity fields of finance and defence have been
constituted to cater to such critical domain's cybersecurity requirements.
National Cyber Security Policy:
The National Cyber Security Policy of India, released in 2013, aims to secure
Indian cyberspace and concretise its resilience from cyberthreats in all
sectors. It aims at developing plans to protect India's CII and mechanisms to
respond against cyber attacks effectively. It further focuses on creating a safe
and dependable cyber ecosystem in India.
The policy has facilitated the creation
of a secure computing environment and developed remarkable trust and confidence
in electronic transactions. Furthermore, a crisis management plan has been
instituted to counter cyber-enabled terror attacks. The Parliament also amended
the National Investigation Agency (NIA) Act in 2019, empowering the NIA to
investigate and prosecute acts of cyber terrorism.
Moreover, technology and threat Intelligence play major roles to counter
terrorism and cyber terrorism. The multi-agency centre (MAC) at the national
level, set up after the Kargil intrusion, along with subsidiary MACs (SMACs) at
state levels, have been strengthened and reorganised to enable them to function
on 24x7 basis. Around 28 agencies are part of the MAC and every organisation
involved in counter-terrorism is a member of this mechanism. This is yet another
important element of national initiative.
The Information Technology Act
India, as a fast-developing economy, aspires to control the global supply chain
and internationalise its economy. This vision automatically attracts a big
responsibility to protect cyberspace from possible cyberthreats, including acts
of cyber terrorism. India, however, has been rather vulnerable to
cyberthreats.Currently, with major economic activities transpiring through
digital platforms during the COVID-19 pandemic, the dreadful impact of
cyber terrorism has intensified.
The purpose of Cyber terrorists is to cripple the
CI of a nation and certain services, like telecommunications, banking, finance,
military complexes and emergency services, are most vulnerable to Cyber terror
attacks. Thus, it is necessary to comprehend the potential threat of
cyber terrorism to a nation like India, keeping in mind that the vulnerability of
Indian cyberspace to Cyber terror attacks has proliferated enormously. In 2018
too, the then Home Secretary admitted to India's exposure to cyberthreats and
its inadequacy in countering
Therefore, reforming and modernising the existing machinery to counter the
strategic challenge of cyber terrorism and providing efficient explications
acknowledging global pandemic is peremptory. Though the Act enacts provisions
regarding cyber terrorism, in order to make it a more focused legislation to
combat cyber terrorism, the following modifications are suggested:
The Act was originally enacted to validate e-commerce activities. However, its
preamble today must not remain limited to e-commerce only. It must additionally
include the objective of combating cyber terrorism.
The scope of the definition for cyber terrorism should be made more extensive by
including 'the usage of cyberspace and cyber communication'. The section does
not cover cyberspace use for communication and related purposes to fulfil and
execute terrorist objectives. The Act should incorporate provisions to cover
such acts to prevent acts of cyber terrorism.
To focus the orientation of the Act to combat cyber terrorism, it must have a
dedicated chapter on cyber terrorism, which would deal with all intricate
elements and dimensions of the acts amounting to cyber terrorism in detail.
Indian Cybersecurity Act
In 2008, the Information Technology Act was amended to incorporate provisions
concerning cyber terrorism. However, from 2008 to 2021, exploitation of
cyberspace by terrorists has undergone a systematic transformation. The
conglomeration of time and evolution of destructive technologies has made
cyber terrorism intricately complex and devastatingly lethal to deal with.
Cyber terrorists use innovative methods to exploit cyberspace for youth
radicalisation and to propel cyber attacks causing massive destruction.
evolution of destructive technological order aiding cyber terrorism warrants a
new modernised legal order, with empowered law enforcement agencies, to protect
Indian cyberspace against possible cyberthreats and preserve its cyber sovereign
India must consider enacting a new cybersecurity legislation, Indian
Cybersecurity Act, dedicated to deal with present-day cybersecurity challenges
and regulate all aspects of cybersecurity, including cyber terrorism. Further, in
view of the future consolidation of Cyber terror attacks, a new legislation would
additionally provide more effective, deterrent and stringent legal framework
against cyber terrorism.
Multiplicity of Organisations
Multiple government organisations handle cybersecurity operations of India,
resulting in overlapping jurisdictions and operations among organisations. Some
reformatory steps—like creating the National Cyber Security Coordinator under
National Security Council Secretariat (NSCS) and bringing central agencies under
its control—have been adopted. However, it is important to provide the exigent
task of cybersecurity exclusively to three central agencies, namely, CERT-In,
NCIIPC and Defence Cyber Agency, with well-delineated and defined jurisdictional
limits of operations and responsibilities. Instead of creating a parallel
hierarchical structure which results in unwarranted overlapping of work, the
jurisdictional limits of operations must be detailed through legislation to the
Further, there must be a regular review of the jurisdictions of organisations to
keep India's cybersecurity mechanism updated as per the continuously evolving
cyberspace. Since what today is not a CI might become intrinsically critical for
preserving national security tomorrow, the National Cyber Security Coordinator
must proactively coordinate the activities of the cybersecurity agencies to
intensify capabilities of India to counter cyber terrorism.
The government, like UNOCT, must undertake cybersecurity awareness programmes in
the country and establish an informative environment in the country against
possible cyberthreats (including cyber terrorism) in cyberspace. The government
must consider launching a cyber literacy programme (initially in areas
vulnerable to cyber attacks) on lines with 'Sarva Shiksha Abhiyan' to familiarise
people about the cybersecurity threats in a time-bound manner. This is
particularly important during the COVID-19 pandemic when most businesses are
running digitally through online mediums.
Indian Cybersecurity Service
India cannot reform and strengthen its gigantic cybersecurity framework from one
central place. Cybersecurity threats are the new normal for people, including
those living in distant parts of India. Therefore, India must establish Indian
Cybersecurity Service as an all-India civil service. It will provide India with
the best professionals (posted in different parts of the country at the
grassroots level) to deal with all aspects of cybersecurity, including
civil service would further equip the state governments with talented
cybersecurity experts to protect their cyber operations and deal with breaches
under their jurisdiction. The proposed civil service could also assist the state
police in solving cyber-related offences more effectively and expeditiously,
thereby improving the administration of justice in cyber crimes.
As these cybersecurity officials will get an opportunity to work in different
parts of the country in various capacities, like officers from other all-India
services, it will broaden their vision and first-hand operational experience of
cybersecurity issues faced by the people at grassroots level, as opposed to the
current paradigm (where majority of the officers and their work remains
restricted to headquarters).
Therefore, just like officers from other all-India
civil services get a significant say in the decision making due to their
extensive groundwork and direct first-hand experiences bestowing them with
actual ground realities, Indian cybersecurity officials will also get a far
greater say over most policy decisions concerning cyberthreats, cybersecurity
interests and others. Further, cyberspace is ubiquitous and interacts closely
with major economic and other operations in society.
greater say to cybersecurity officials in India will make cybersecurity central
to our major policy decisions and strengthen our cybersecurity framework on a
Conclusion & Suggestions:
Cyberspace has developed as a decentralised network of communication, without
any restriction over geographical boundaries of any country. Therefore,
international regulation and cooperative cybersecurity framework is essential to
deal with cyber terrorism effectively.
Since the current framework is incapable
of dealing with the menace, it is time to strengthen international law to equip
it to deal with cyber terrorism. India must also think about reforming its legal
framework or legislating exclusive cybersecurity legislation, which may provide
provisions for cyber terrorism.
With the prime minister advocating the use of technology for development and
administration, and also due to the global pandemic, cyberspace has been
integrated into various fields, like governance, public administration and trade
and business operations. In addition, there is continuous integration of
cyberspace with CI.
Thus, a multidimensional cybersecurity framework must be
introduced. The outbreak of COVID-19 has also accelerated the digitisation of
economic businesses and other activities. cyber attacks by terrorists can
virtually paralyse the financial and economic operations (including Indian Goods
and Services Tax [GST] network of the country. Hence, to boost the adoption of
counter-measures by states against cyber terrorism
and strengthen the cybersecurity framework, the World Bank must consider
'cybersecurity' as one of the parameters to decide ease of doing business index.
India must also try to reduce overlapping among cybersecurity organisations and
harmonise its process and laws as per the international best practices.
Further, the accelerated digital operations of business due to the pandemic has
made the state constitutionally bound to protect the cyberspace of India.
Article 19(1)(g) of the Constitution, read with Sodan Singh and Anuradha Bhasin
cases, grants the right to practice or do any form of livelihood within the
realms of law. Thus, the state must make sure that the constitutionally
protected fundamental right of occupation in cyberspace of Indian citizens is
protected in the current scenario. It must be noted that any business can
survive and flourish in a digital platform only when there is secured cyberspace
in place. Thus, the government is constitutionally bound to protect India's
cyberspace from cyberthreats, including cyber terrorism.
Cyberspace, today, interacts with significant economic, business and other
interests of India. So as to secure India's strategic, sovereign, economic and
business interests in cyberspace, the union must incorporate stringent deterrent
strategies and cybersecurity reforms at all levels of operation. It is important
to look at the big picture while analysing Cyber terror threats; and new
mechanisms must be developed and reformatory steps need to be introduced with
focus on the constitutional obligation of the state under Article 19(1)(g) and
Article 355 of the Indian Constitution.
- Information Technology Act, 2000 (Act 21 of 2000), Chapter III, Section
- Ibid., Section 66F(1)(A)(i).
- Ibid., Section 66F(1)(A)(ii).
- Ibid., Section 66F(1)(A)(iii).
- Ibid., Section 66F(1)(B).
- Ibid., Section 70.
- Ibid., Section 70(3).
- Misra, S.N.; Indian Penal Code; Central Law Publicaions;ed-13;p-88
- Cyber Law and its Applications by Prof. Shilpa S. Dongre