About cyber terrorism

CYBER TERRORISM : A NEW DIMENSION OF ASYMMETRIC WARFARE

CHAPTER I

INTRODUCTION

"Information Warfare, in any future conflict will give weaker nations, who do not possess the conventional military strength to win a war, an opportunity to wage an asymmetrical war. The day is not far when hired mercenary hackers will carry out remote attacks using viruses, worms or logic bombs on an adversary nation's computer systems. Probably, tomorrow's terrorist would be able to do more harm with a mouse and a modem than with TNT and RDX."

Alvin Toffler

1. The Internet has become a part of everyday life and is today a network of millions of computers spread out over countries. It enables communication with a wide range of people, with a single specific individual, or with a select audience. The Internet transcends the barriers of nationality, culture, language, religion or creed. It permits nearly total freedom and individual choice. It is today beyond the control of any government or agency, and information flows freely throughout the world.

2. Undoubtedly, information technology has been the greatest change agent of the last century and promises to play this role even more dramatically in this millennium. It is continuously changing every aspect of human life, be it national defence and global security or communications, trade, manufacturing, services, culture, entertainment, education, and research. It has also become the main indicator of the progress of nation states, communities and individuals. The developments in information technology (IT) are being increasingly adopted by operational planners in the government and armed forces. The information technology revolution has led to the evolution of digital communication networks, cyberspace, microcomputers and associated technologies. If these are the scope and intensity of the applications of IT in our day-to-day life, the armed forces need to quickly grasp the enormous opportunities it offers to terrorists to use cyberspace as a weapon of future warfare. deals with a wide variety of subjects especially in the realm of technological advancement. Tremendous advances have been made in telecommunications and computers in recent years. These advances have given the power to use information to a wide section of the population, thereby heightening challenges to information security. New technologies would have far-reaching implications for defence forces, and it would be prudent on the part of strategic decision makers to prepare for the induction of newer innovations and also to meet the risks posed by them.

3. Currently, the world is going through a technology- and information-based era. We now have the capability to transfer and share information at a much faster rate. Be it the corporate sector, the communication network, the command and control network or the information and surveillance network, there is total dependency on computers and computer networking. The forms of cooperation, competition, conflict and warfare are changing as information technology changes the way we observe, understand, decide and communicate. According to Alvin Toffler[1], we are going through the 'third wave'. This is about the ability to seek and control the flow of information on a scale which is unimaginable and is not yet fully explored and exploited. In other words, it is an era of knowledge-based, information age warfare. The information revolution has engulfed the entire range of a nation's basic infrastructures, like banking, military, politics, economy, transportation, etc. There seems to be no end in sight, and we cannot remain aloof from its effects and choose to go without it. Information technology has permeated from the standalone PC to the widest possible area networks all over the world, including the art of waging warfare.

4. Asymmetric warfare as defined by Wikipedia originally referred to war between two or more belligerents whose relative military power differs significantly. Contemporary military thinkers tend to broaden this to include asymmetry of strategy or tactics; today "asymmetric warfare" can describe a conflict in which the resources of two belligerents differ in essence and in the struggle, interact and attempt to exploit each other's characteristic weaknesses. Such struggles often involve strategies and tactics of unconventional warfare, the "weaker" combatants attempting to use strategy to offset deficiencies in quantity or quality. Such strategies may not necessarily be militarized. This is in contrast to symmetric warfare, where two powers have similar military power and resources and rely on tactics that are similar overall, differing only in details and execution.[2]

5. Terrorism has emerged as one of the most complex and perplexing phenomena the world has faced. In addition to the tactics and ideological complexities, the dynamic nature of terrorism proves itself in the way terrorists adapt new technologies, like computers and other IT tools. Establishing consensus-based, concrete, result-oriented international cooperation in responding to terrorism seems very difficult in practice. However, available mechanisms to facilitate formal or informal cooperation in the area of cybercrime and cyber terrorism may be encouraging.

6. Cyber terrorism is the employment of computing resources to intimidate or coerce another (government) to achieve some political goals. Cyber attacks involve activities that can disrupt, corrupt, deny, or destroy information stored in computers or computer networks. Cyber terrorism attacks can be either cyber attacks or physical attacks, both affecting the information infrastructure.

METHODOLOGY

Statement of the Problem

7. The aim of this dissertation is to study Cyber Terrorism as another dimension of asymmetric warfare and suggest measures to combat this threat.

Hypothesis

8. Cyber Terrorism as part of cyber warfare is the emerging theatre in which future conflicts are most likely to occur and has emerged as another dimension of asymmetric warfare.

Justification of the Study

9. The Information Age will define the 21st century as information systems permeate all aspects of life. Cyber warfare will take the form of a devastating weapon of the future battlefield and cyber terrorism would be integrated in the war fighting strategies of nations in the years to come.

The Information Revolution and consequent widespread computerisation is the hallmark of the last few decades of the millennium. The explosive growth in the use of IT has had a profound effect on all facets of life at the personal and national level. Computer systems globally have become interconnected and, as a result, these networks have become much more vulnerable to attack. The premise of cyber terrorism is that nations and critical infrastructure are becoming increasingly dependent on computer networks for their operation. Also, as armies around the world are transforming from a platform-centric to a network-centric force, there is increasing reliance on networking technology. With all the advantages of such connectivity come unprecedented challenges to network security. A hostile nation or group could exploit the vulnerabilities in a poorly secured network to disrupt or shut down critical functions.

Greater reliance on information systems will also lead to greater vulnerabilities. Threats to information infrastructure would be in the form of destruction, disclosure, modification of data or denial of service. The threats could be from hostile net users, hackers and malicious insiders. The incapacitation or destruction of critical national infrastructure would have a crippling impact on any country. A nation attacked by cyber terrorists can be completely cut off from the rest of the world and ruined by disabling its computers and communications networks carrying information pertaining to sectors such as banking, finance, trade, railways, airlines, shipping etc. There is also a potential danger to a country's national security. The protection of our information resources, that is, information assurance, will thus be one of the defining challenges of national and military security in the years to come. To take advantage of the Information Technology revolution and its application as a force multiplier, the Nation, and the army in particular, need to focus on Cyber Security to ensure protection / defence of their information and information system assets.

This study tries to analyse Cyber terrorism as another dimension of asymmetric warfare along with the threats and vulnerabilities that a country faces from it and suggest mechanisms and strategies to counter this menace.

Scope

10. This dissertation limits itself to a brief introduction to cyber terrorism and discusses the measures put in place by various countries in responding to cyber terrorist attacks. It would also suggest certain mechanisms and strategies to combat the threats posed by cyber terrorism.

Methods of Data Collection

11. The data has been collected mainly from documentary sources such as books and professional journals available in the DSSC library, and from articles posted on the Internet and in newspapers. Lectures on the subject by guest speakers have also contributed towards this study. A bibliography of sources is appended at the end of the paper.

Organisation of the Dissertation

12. The dissertation has been organised in the following manner: -

      Chapter II gives an overview of cyber terrorism giving out the definition, types and forms of cyber terrorism and the vulnerabilities facing a nation due to this.
      Chapter III analyses the threats posed by cyber terrorism.
      Chapter IV brings out the initiatives undertaken by various nations to defend against cyber terrorism.
      Chapter V suggests certain mechanisms and strategies to be implemented to combat the threat of cyber terrorism.
      Chapter VI consists of the conclusion.

    CHAPTER II

    CYBER TERRORISM : AN OVERVIEW

    The information revolution has given rise to networks, and power is progressively migrating to non-state actors because of their ability to organise into sprawling multinational networks. This in turn implies that future conflicts will increasingly be waged by networks rather than hierarchical organisations. Information operations in an asymmetric environment are not likely to be a passing fancy, and with time this threat is likely to proliferate across the spectrum of civilian competition and military conflicts.

    1. Unlawful attacks and threats of attack against computers, networks, and the information stored therein, which are the major weapons used by terrorists with a view to intimidating or forcing a government or public in furtherance of their objectives, are generally covered under cyber terrorism. The term can perhaps be defined to mean the use of computing resources to intimidate or coerce others. Going by this broader definition, many cases of terrorists using new information and communication technology would be incorporated within the fold of cyber-terrorism. Technically, to be a case of cyber-terrorism, any incident of attack should result in violence against persons or property, or at least cause enough harm to generate fear. Attacks that lead to death or bodily injury, explosions, plane crashes, water contamination, or severe economic loss would be examples. Serious attacks against critical infrastructures could be acts of cyber-terrorism, depending on their impact. Attacks that disrupt non-essential services or that are mainly a costly nuisance would not. We need to see the phenomenon of cyber-terrorism in a broader manner. Cases of terrorists using the Internet extensively to spread their messages and to communicate and coordinate their activities should also be included within the purview of cyber-terrorism.

    2. Cyber terrorism is more than a virus that creates a mild degree of annoyance such as a denial of service. It seeks to cause physical violence or significant financial harm. Targets may include power plants, military installations, the banking industry, air traffic control centers, water systems, and other major centers affecting the lives and well-being of many people and companies. The attacks may be effects-based i.e., the cyber-attacks result in creating fear similar to that of traditional terrorism or they may be intent-based, where the perpetrators seek to press their political, often religious-based, agenda in order to cause a government or its inhabitants to alter their views or actions or to cause serious harm to a nation and/or its peoples.[3] Cyber terrorists may operate anywhere in the world and can conceal their identities far more effectively, often with the cooperation of rogue states or through the lack of capability of local law enforcement agencies to act effectively. The injury caused by cyber terrorists may take place thousands of miles away from the physical location of the attacker, thereby effectively immunizing them from arrest.

    3. Cyber-terrorism is a real threat in today's situation. The term 'cyber-terrorism' was coined by Barry Colin, a senior research fellow at the Institute for Security and Intelligence in California, in the 1980s to refer to the convergence of cyberspace and terrorism.[4] The various published definitions of cyber terrorism are as follows:-

      A criminal act perpetrated by the use of computers and telecommunications capabilities, resulting in violence, destruction and/or disruption of services, where the intended purpose is to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to a particular political, social or ideological agenda.[5]
      Cyber terrorism is a premeditated, politically motivated criminal act by sub-national groups or clandestine agents against information and computer systems, computer programs, and data that result in physical violence where the intended purpose is to create fear in non-combatant targets.[6]
      Cyber-terrorism is the premeditated, politically motivated attack against information, computer systems, computer programs, and data which result in violence against non-combatant targets by sub-national groups or clandestine agents. Politically motivated attacks that cause serious harm, such as severe economic hardship or sustained loss of power or water, might also be characterized as cyber-terrorism. [7]
      Cyber terrorism refers to the convergence of cyberspace and terrorism. It covers politically motivated hacking operations intended to cause grave harm such as loss of life or severe economic damage.[8]
      "Unlike a nuisance virus or computer attack that results in denial of service, a cyberterrorist attack would lead to physical violence or extreme financial harm. According to the U.S. Commission of Critical Infrastructure Protection, possible cyberterrorism targets include the banking industry, military installations, power plants, air traffic control centers, and water systems."

    CYBER TERRORISM : MEANS AND FORMS

    4. As in other forms of terrorism, cyber terrorism is composed of diverse forms and purposes. In nearly all cases, the methods employed by cyber terrorists are consistent with technologies employed by hackers, crackers and cyber criminals.

    Means of Cyber Terrorism

    5. Cyber terrorists use a variety of means to disseminate their agenda. Some of these are as follows:-

        Virus. This is a piece of code which is attached to a program and becomes "alive" when the program is activated.
        Worm. It is a separate program that replicates itself onto computers without changing any other programs.
        Trojan Horse. It is a program fragment that appears to be a worm or a virus that permits the hacker to gain access to a system.
        Logic Bomb. This is a type of Trojan horse that may remain dormant until conditions arise for its activation.
        Trap Doors. These are means of permitting a programmer to access the user's software without the user being aware of the access.
        Chipping. This is like trap doors but dormant until access is desired.
        Denial of Service. The hacker sends almost innumerable requests for information that cause the computer systems to shut down.

    6. Forms of Cyber Terrorism. It is very difficult to exhaustively specify the forms of cyber terrorism. In fact, it would not be a fruitful exercise to do the same. Praveen Dalal opines that the nature of cyber terrorism requires it to remain inclusive and open ended in nature, so that new variations and forms of it can be accommodated in the future.[9] However, one of the classifications of the forms of cyber terrorism, applying the definition and the concepts discussed above is as follows:-

        Privacy violation.
        Secret information appropriation and data theft.
        Demolition of e-governance base.
        Distributed Denial of Service (DDoS) attack.
        Network damage and disruptions.

    7. Methods of Attack. There are three methods of attack that may be addressed against computer systems:-

        Physical Attack. This is against computer facilities and/or transmission lines. This can be accomplished by use of conventional weapons to destroy or seriously injure computers and their terminals.
        Electronic Attack. This is accomplished by use of electromagnetic high energy or electromagnetic pulse to overload computer circuitry or microwave radio transmission.
        Computer Network Attack. This is accomplished usually by use of a malicious code to take advantage of software's weakness. It is employed by hackers who enjoy the challenge of attacking computer protection devices or for economic purposes by gaining access to identities of users of the programs or sites.[10]

    8. Types of Attacks. The types of attacks that may be conducted against computers and computer networks include the following:-

        Posting of graffiti on websites that are essentially harmless but annoying to computer users.
        Hackers who demonstrate the vulnerabilities of computers to outside attacks for reasons of pride in their capabilities to disable or affect computers.
        Criminal behavior, generally in the form of stealing passwords to gain access to bank accounts, credit cards, and the like in order to commit fraud and theft.
        Terrorist attacks to disable computers, gain entry into national security sites and data, cause havoc to a nation's economic structure, and other motivations.
        Radio Frequency (RF) Weapons. A series of smooth radio waves causing the target to generate heat and burn up.
        Transient Electromagnetic Devices (TEDs). Emission of a large burst of energy that targets a large spectrum of space. It can be the size of a briefcase, van size, or a large satellite dish.
        Electromagnetic Bomb/Pulse Weapon. Creation of an electromagnetic pulse viz. an electromagnetic shock wave that creates an enormous current many times that of a lightning strike.
        TEMPEST monitoring devices.
        Computer viruses, logic bombs, trojan horses.
        Denial of Service (Zombie) Attacks. Sending an overload of emails to the target system causing the system to crash.[11]

    9. Advantages of Cyber Terrorism. Information warfare becomes a very attractive terrorist tool owing to some advantages that cyber-terrorism has over physical methods. Some of the advantages of using cyber methods are as follows:-

        Low Cost. The cost of purchasing advanced computer systems is extremely low. Almost any person can afford to buy a computer with sophisticated capabilities. If they cannot afford a computer, there are other means of obtaining access, even in the poorest countries. Examples are library and cybercafé facilities. There is no suspicion attendant to such purchases, unlike the chemical and biological agents that could signal investigative agencies to come into play.
        Relative Autonomy. Digital signals are virtually anonymous and can emanate from any part of the globe. A virus planted into a program can instantaneously be disseminated globally and cause severe complications before steps can be taken to mitigate the virus. Terrorists can communicate, download materials, send coded messages, and have cyber meetings of divergent groups and coordinate their activities. Although it is theoretically possible to monitor messages to and from these groups, it would be extraordinarily difficult for a government to know which computer of the tens of millions of computers is being utilized.
        Damage Potential. The potential damage that cyber terrorists are able to accomplish include the destruction of computer programs and operating systems; access to confidential economic, research and development information from corporations; invasion of privacy of individuals; access to secret government data; a virtual shutdown of corporate activity and often the attainment of satisfaction of the ability to crash systems to expose vulnerabilities of systems.
        Localised Effects. Most acts are likely to be committed anonymously or by groups who do not fear military retaliation. Consequently, there is no fear of escalation. Transnational terrorist organizations can use the Internet to share information on weapons and recruiting tactics, arrange surreptitious fund transfers across borders, and plan attacks. These new technologies can also dramatically enhance the reach and power of age-old procedures. Information processing technologies have also boosted the power of terrorists by allowing them to hide or encrypt their messages.
        Handling of Explosives. The operation does not require the handling of explosives or a suicide mission. Besides, a cyber attack would garner extensive media coverage since journalists and the public alike are fascinated by practically any kind of computer attack.
        Access to Critical Information. The world of internet, an ocean of information provides access to critical information. The September 11 terrorists could have found all the details they needed about the floor plans and design characteristics of the World Trade Center and about how demolition experts use progressive collapse techniques to destroy large buildings. The web also makes available sets of instructions needed to combine readily available materials in destructive ways. Practically anything an extremist wants to know about kidnapping, bomb-making, and assassination is now available online. Modern, high-tech societies are filled with supercharged devices packed with energy, combustibles, and poisons, giving terrorists ample opportunities to divert such non-weapon technologies to destructive ends.

    10. Drawbacks of Cyber Terrorism. There are certain drawbacks too, some of which are enumerated below:-

        Low Degree of Control. Due to complex systems, it may be harder to control an attack and achieve a desired level of damage.
        Effectiveness. Since these operations do not cause physical injury to people at a broad level, it is less likely to arouse emotional appeal of the society and consequently, would be less effective.
        Difficulty in Predicting the Impact. There is little concrete evidence of terrorists preparing to use the internet as a venue for inflicting grave harm. Given that there are no serious instances of cyber-terrorism, it is not possible to assess the impact of acts that have taken place. It is equally difficult to assess the potential impact because it is hard to predict how a major computer network attack, inflicted for the purpose of affecting national or international policy, would unfold.[12]

      CHAPTER II

      CYBER TERRORISM : AN OVERVIEW

      The info revolution has given rise to nws & the power is progressively migrating to non state actors, because of their ability to org into sprawling multinational nws. This in turn implies that future conflicts will incr be waged by nw rather than hierarchical orgs. Info ops in an asymmetric environment are not likely to be a passing fancy & with time this threat is likely to proliferate across the spectrum of civ competition & mil conflicts.

      1. Unlawful attacks and threats of attack against computers, networks, and the information stored therein are the major weapons used by terrorists with the view to intimidate or force a government or public in furtherance of their objectives are generally covered under cyber terrorism. The term can perhaps be defined to mean the use of computing resources to intimidate or coerce others. Going by this broader definition, many cases of using new information and communication technology by the terrorists would be incorporated within the fold of cyber-terrorism. Technically, to be a case of cyber-terrorism, any incidence of attack should result in violence against persons or property, or at least cause enough harm to generate fear. Attacks that lead to death or bodily injury, explosions, plane crashes, water contamination, or severe economic loss would be examples. Serious attacks against critical infrastructures could be acts of cyber-terrorism, depending on their impact. Attacks that disrupt non-essential services or that are mainly a costly nuisance would not. We need to see the phenomenon of cyber-terrorism in a broader manner. The cases of using the Internet extensively to spread their messages and to communicate and coordinate their activities by the terrorists should also be included within the purview of cyber-terrorism.

      2. Cyber terrorism is more than a virus that creates a mild degree of annoyance such as a denial of service. It seeks to cause physical violence or significant financial harm. Targets may include power plants, military installations, the banking industry, air traffic control centers, water systems, and other major centers affecting the lives and well-being of many people and companies. The attacks may be effects-based i.e., the cyber-attacks result in creating fear similar to that of traditional terrorism or they may be intent-based, where the perpetrators seek to press their political, often religious-based, agenda in order to cause a government or its inhabitants to alter their views or actions or to cause serious harm to a nation and/or its peoples. Cyber terrorists may operate anywhere in the world and can conceal their identities far more effectively, often with the cooperation of rogue states or through the lack of capability of local law enforcement agencies to act effectively. The injury caused by cyber terrorists may take place thousands of miles away from the physical location of the attacker, thereby effectively immunizing them from arrest.

      3. Cyber-terrorism is a real threat in today's situation. The term ‘cyber-terrorism' had been coined by Barry Colin, a senior research fellow at the Institute for Security and Intelligence in California, in the 1980's to refer to the convergence of cyberspace and terrorism. The various published definitions of cyber terrorism are as follows:-

      (a) A criminal act perpetrated by the use of computers and telecommunications capabilities, resulting in violence, destruction and/or disruption of services, where the intended purpose is to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to a particular political, social or ideological agenda.

      (a) Cyber terrorism is a premeditated, politically motivated criminal act by sub-national groups or clandestine agents against information and computer systems, computer programs, and data that result in physical violence where the intended purpose is to create fear in non-combatant targets.

      (b) Cyber-terrorism is the premeditated, politically motivated attack against information, computer systems, computer programs, and data which result in violence against non-combatant targets by sub-national groups or clandestine agents. Politically motivated attacks that cause serious harm, such as severe economic hardship or sustained loss of power or water, might also be characterized as cyber-terrorism.

      (c) Cyber terrorism refers to the convergence of cyberspace and terrorism. It covers politically motivated hacking operations intended to cause grave harm such as loss of life or severe economic damage.>

      (d) "Unlike a nuisance virus or computer attack that results in denial of service, a cyberterrorist attack would lead to physical violence or extreme financial harm. According to the U.S. Commission of Critical Infrastructure Protection, possible cyberterrorism targets include the banking industry, military installations, power plants, air traffic control centers, and water systems."

      CYBER TERRORISM : MEANS AND FORMS

      4. As in other forms of terrorism, cyber terrorism is composed of diverse forms and purposes. In nearly all cases, the methods employed by cyber terrorists are consistent with technologies employed by hackers, crackers and cyber criminals.

      Means of Cyber Terrorism

      5. Cyber terrorists use a variety of means to disseminate their agenda. Some of these are as follows:-

      (a) Virus. This is a piece of a code which is attached to a program and becomes “alive” when the program is activated.

      (b) Worm. It is a separate program that replicates itself onto computers without changing any other programs.

      (c) Trojan Horse. It is a program fragment that appears to be a worm or a virus that permits the hacker to gain access to a system.

      (d) Logic Bomb. This is a type of Trojan horse that may remain dormant until conditions arise for its activation.

      (e) Trap Doors. These are means of permitting a programmer to access the user's software without the user being aware of the access.

      (f) Chipping. This is like trap doors but dormant until access is desired.

      (g) Denial of Service. The hacker sends almost innumerable requests for information that cause the computer systems to shut down.

      6. Forms of Cyber Terrorism. It is very difficult to exhaustively specify the forms of cyber terrorism. In fact, it would not be a fruitful exercise to do the same. Praveen Dalal opines that the nature of cyber terrorism requires it to remain inclusive and open ended in nature, so that new variations and forms of it can be accommodated in the future. However, one of the classifications of the forms of cyber terrorism, applying the definition and the concepts discussed above is as follows:-

      (a) Privacy violation.

      (b) Secret information appropriation and data theft.

      (c) Demolition of e-governance base.

      (d) Distributed Denial of Services (DoS) attack.

      (e) Network damage and disruptions.

      7. Methods of Attack. There are three methods of attack that may be addressed against computer systems:-

      (a) Physical Attack. This is against computer facilities and/or transmission lines. This can be accomplished by use of conventional weapons to destroy or seriously injure computers and their terminals.

      (b) Electronic Attack. This is accomplished by use of electromagnetic high energy or electromagnetic pulse to overload computer circuitry or microwave radio transmission.

      (c) Computer Network Attack. This is accomplished usually by use of a malicious code to take advantage of software's weakness. It is employed by hackers who enjoy the challenge of attacking computer protection devices or for economic purposes by gaining access to identities of users of the programs or sites.

      8. Types of Attacks. The types of attacks that may be conducted against computers and computer networks include the following:-

      (a) Posting of graffiti on websites that are essentially harmless but annoying to computer users.

      (b) Hackers who demonstrate the vulnerabilities of computers to outside attacks for reasons of pride in their capabilities to disable or affect computers.

      (c) Criminal behavior, generally in the form of stealing passwords to gain access to bank accounts, credit cards, and the like in order to commit fraud and theft.

      (d) Terrorist attacks to disable computers, gain entry into national security sites and data, cause havoc to a nation's economic structure, and other motivations.

      (e) Radio Frequency (RF) Weapons. A series of smooth radio waves causing the target to generate heat and burn up.

      (f) Transient Electromagnetic Devices (TEDs). Emission of a large burst of energy that targets a large spectrum of space. It can be the size of a briefcase, van size, or a large satellite dish.

      (g) Electromagnetic Bomb/Pulse Weapon. Creation of an electromagnetic pulse, viz. an electromagnetic shock wave that creates an enormous current many times that of a lightning strike.

      (h) TEMPEST monitoring devices.

      (i) Computer viruses, logic bombs, trojan horses.

      (j) Denial of Service (Zombie) Attacks. Sending an overload of emails to the target system causing the system to crash.

      9. Advantages of Cyber Terrorism

      Information warfare becomes a very attractive terrorist tool owing to some advantages that cyber-terrorism has over physical methods. Some of the advantages of using cyber methods are as follows:-

      (a) Low Cost. The cost of purchasing advanced computer systems is extremely low. Almost any person can afford to buy a computer with sophisticated capabilities. If they cannot afford a computer, there are other means of obtaining access, even in the poorest countries. Examples are library and cybercafé facilities. There is no suspicion attendant to such purchases, unlike the chemical and biological agents that could signal investigative agencies to come into play.

      (b) Relative Autonomy. Digital signals are virtually anonymous and can emanate from any part of the globe. A virus planted into a program can instantaneously be disseminated globally and cause severe complications before steps can be taken to mitigate the virus. Terrorists can communicate, download materials, send coded messages, and have cyber meetings of divergent groups and coordinate their activities. Although it is theoretically possible to monitor messages to and from these groups, it would be extraordinarily difficult for a government to know which computer of the tens of millions of computers is being utilized.

      (c) Damage Potential. The potential damage that cyber terrorists are able to accomplish includes the destruction of computer programs and operating systems; access to confidential economic, research and development information from corporations; invasion of privacy of individuals; access to secret government data; a virtual shutdown of corporate activity; and often the satisfaction of being able to crash systems and expose their vulnerabilities.

      (d) Localised Effects. Most acts are likely to be committed anonymously or by groups who do not fear military retaliation. Consequently, there is no fear of escalation. Transnational terrorist organizations can use the Internet to share information on weapons and recruiting tactics, arrange surreptitious fund transfers across borders, and plan attacks. These new technologies can also dramatically enhance the reach and power of age-old procedures. Information processing technologies have also boosted the power of terrorists by allowing them to hide or encrypt their messages.

      (e) Handling of Explosives. The operation does not require the handling of explosives or a suicide mission. Besides, a cyber attack would garner extensive media coverage since journalists and the public alike are fascinated by practically any kind of computer attack.

      (f) Access to Critical Information. The internet, an ocean of information, provides access to critical information. The September 11 terrorists could have found all the details they needed about the floor plans and design characteristics of the World Trade Center and about how demolition experts use progressive collapse techniques to destroy large buildings. The web also makes available sets of instructions needed to combine readily available materials in destructive ways. Practically anything an extremist wants to know about kidnapping, bomb-making, and assassination is now available online. Modern, high-tech societies are filled with supercharged devices packed with energy, combustibles, and poisons, giving terrorists ample opportunities to divert such non-weapon technologies to destructive ends.

      10. Drawbacks of Cyber Terrorism

      There are certain drawbacks too, some of which are enumerated below:-

      (a) Low Degree of Control. Due to complex systems, it may be harder to control an attack and achieve a desired level of damage.

      (b) Effectiveness. Since these operations do not cause physical injury to people at a broad level, they are less likely to arouse an emotional response in society and, consequently, would be less effective.

      (c) Difficulty in Predicting the Impact. There is little concrete evidence of terrorists preparing to use the internet as a venue for inflicting grave harm. Given that there are no serious instances of cyber terrorism, it is not possible to assess the impact of acts that have taken place. It is equally difficult to assess the potential impact because it is hard to predict how a major computer network attack, inflicted for the purpose of affecting national or international policy, would unfold.


      CHAPTER III

      ANALYSIS OF THREATS POSED BY CYBER TERRORISM

      “One of the biggest threats to the future is going to be Cyberterrorism”

      -Bill Clinton in December 2000

      At the Foreign Policy farewell lecture at the University of Nebraska

      1. Technological advances have always been of significant benefit to the society coupled with negative aspects. The Internet is among the latest scientific innovations that have transformed the lives of people and has made knowledge accessible to a degree never previously experienced at one's fingertips, sitting at home or in an office. Nevertheless, it is also coupled with dangers that may be minor in nature or have the potential of causing death or serious injury to the population on a global basis. The fear of vulnerability has been especially true after the terrorist attacks upon the New York World Trade Center in 2001 that led to extensive media coverage concerning the possibility of not only physical attacks but also possible attacks through the virtual world. Among the fears is the possibility that critical infrastructures, which are now relying on the Internet including energy, finance, transportation, and other essential services, may become subject to terrorist attacks and cause potential harm to citizens of the affected nation. The ability of governments to gauge threats to critical infrastructures has traditionally been contingent upon their ability to evaluate a malicious actor's intent and that actor's ability to carry out a deliberate action. This was significantly easier during the Cold War, when the authorities were merely concerned with the security of physical structures. Due to the global nature of information networks, attacks can be launched from anywhere in the world, and discovering the origin of attacks remains a major difficulty, if, indeed, they are detected at all.

      2. Physical security is not divorced from cyber security but rather has an interrelationship with it. Thus, it is important to protect oneself not only against viruses and other Internet access but also against physical access to servers, and networks. System vulnerabilities emanate from the ease of access to computers worldwide via the Internet, the harmful methods available to injure or destroy computers, the interdependence of computers both domestically and worldwide, and the globalization and dependence on computers by national infrastructures.

      3. The next world war could take place in cyberspace, the UN telecommunications agency chief warned as experts called for action to stamp out cyber attacks.
      “The next world war could happen in cyberspace and that would be a catastrophe. We have to make sure that all countries understand that in that war, there is no such thing as a superpower,” Hamadoun Toure said on Tuesday.
      “Loss of vital networks would quickly cripple any nation, and none is immune to cyberattack,” added the secretary-general of the International Telecommunications Union during the ITU's Telecom World 2009 fair in Geneva.
      Toure said countries have become “critically dependent” on technology for commerce, finance, health care, emergency services and food distribution. “The best way to win a war is to avoid it in the first place,” he stressed.
      As the internet becomes more linked with daily lives, cyberattacks and crimes have also increased in frequency, experts said. Such attacks include the use of “phishing” tools to get hold of passwords to commit fraud, or attempts by hackers to bring down secure networks.

      Modus Operandi of Cyber Terrorists

      4. The Internet, the ‘mother of all networks’, has some inherent features such as anonymity, interactivity and global reach which are ironically being put to use by terrorist groups. By masking their identities, they are not only communicating with their remote members but are also using the network to facilitate travel bookings, hotel reservations and transfer of funds. There is a marked increase in the use of the internet as a medium for soliciting financial backing by non-state actors. The Islamist faction seems to have taken to the internet in a major way. News agencies like MSA News (Muslim Students Association) take communiqués and articles from other Islamist sites and reproduce them on their website. A terrorist network like Bin Laden's wages ‘Jihad’ on a global scale by making the most of IT to coordinate and control the activities of the various dispersed elements. Lately, they have been reported to be using porn sites and chat rooms for exchange of messages. Terrorist groups like Hamas and Hizbollah are reported to be using ‘hush mail’, an encrypted form of e-mail which prevents their tracking by intelligence agencies. Further, the internet offers a perfect medium for propaganda and garnering of international support by virtue of its extremely low publication costs. One of the pioneers in this was Hizbollah, which maintains three sites: one for its central office, another for its Israeli targets and a third for information/news. Terrorist websites are also putting up sensitive data like maps and tutorials on handling explosives. Some terrorist organizations also use the web for inspiring and recruiting militants. For instance, the LTTE website has a ‘Martyr's Page’ replete with pictures dedicated to militants.

      5. Vulnerabilities posed by Cyber Terrorists.

      (a) Dependence on Information Systems / Networks. Our economic and civil infrastructures have all become dependent on real-time communications. There is also an ever-growing merger of civil and military technologies. All these are vulnerable to intrusion and destruction.

      (b) Vulnerabilities on the Battlefield. Military operations depend on extensive and in certain cases fragile networks. The cumulative effect of all these systems can create a target-rich environment and present a vulnerability that beckons exploitation.

      (c) Public Scrutiny. Everything today is news and subject to instantaneous scrutiny. This can influence strategy, decision makers and national policies.

      (d) Ease of Conduct.

      (f) Access to Technology. Proliferation of technology has made high-end equipment easily available to any country or organisation around the world.

      (g) No Spatial Boundaries. One of the greatest challenges in countering asymmetric threats in the realm of information operations is that borders have become insignificant in the virtual world.

      (h) Veil of Anonymity. Commercial information systems give an adversary the capability to strike various commercial, security and information infrastructures from a distance while enjoying anonymity. This creates a new dimension of warfare, where the adversary may well be a lone hacker with a laptop and an anti-national agenda.

      6. Likely Manifestations of Cyber Terrorism.

      (a) Civil Arena.

      (i) Cyber attacks on the systems of interdependent industries and institutions essential to the nation's security.

      (ii) Targeting of air traffic control, commuter trains or even the control systems for a nuclear plant.

      (iii) Cyber attacks on our economic and services sectors.

      (iv) Government networks connecting various functionaries, information and command and control (C2) highways may be a primary target, leading to decision paralysis at the highest level.

      (v) Subversion of the individuals who have legitimate access to a system will allow attacks with catastrophic fallouts.

      (b) Battlefield.

      (i) Acquisition of technologies such as GPS jammers to degrade capabilities, especially precision strikes.

      (ii) Achieve simultaneity by attacks on systems throughout the battle space, ultimately breaking the support systems and the will to fight.

      (iii) Misinterpretation and inaccurate information to degrade the soldier's morale.

      Characteristic Features of Cyber Attacks

      7. Compared to traditional security threat analysis, which consists of analyses of actors, their intentions, and their capabilities, cyber-threats have various features that make such attacks difficult to monitor, analyse, and counteract:-

      (a) Anonymity of Actors. The problem of identifying actors is particularly difficult in a domain where maintaining anonymity is easy and where there are time lapses between the action that an intruder takes, the intrusion itself, and the effects of the intrusion. In addition, the continuing proliferation of sophisticated computer technologies among the mainstream population makes the identification of actors increasingly difficult.

      (b) Lack of Boundaries. Malicious computer-based attacks are not restricted by political or geographical boundaries. Attacks can originate from anywhere in the world and from multiple locations simultaneously. Investigations that follow a string of deliberately constructed false leads can be time-consuming and resource-intensive.

      (c) Speed of Development. Technology develops extremely quickly. The time between the discovery of a new vulnerability and the emergence of a new tool or technique that exploits that vulnerability is getting shorter.

      (d) Low Cost of Tools. The technology employed in such attacks is simple to use, inexpensive, and widely available. Tools and techniques for invading computers are available on computer bulletin boards and various websites, as are encryption and anonymity tools.

      (e) Automated Methods. Increasingly, the methods of attack have become automated and more sophisticated, resulting in greater damage from a single attack.

      Vulnerability Analysis

      9. It is not difficult to anticipate our accelerating transition to a knowledge-based society in the light of the leapfrogging strides in infrastructure development and networking. In the future, the rising dependence on IT would only render us more vulnerable to the very same technologies. The growing dependence is quite discernible from the burgeoning Internet user-base and increased networking activity in the form of Local Area Networks (LANs), Intranets and Extranets.

      10. Some critical networks, especially within the government and defense are briefly mentioned below to illustrate the growth of networking in the country's critical sectors.

      (a) Railways. Indian Railways, one of the busiest in the world, transports more than 11 million passengers daily. Country Wide Network for Computerised Enhanced Reservation and Ticketing (CONCERT) is one of the largest software projects to be implemented in India. The Railways has recently introduced online passenger reservation information services through its website.

      (b) NICNET. The government has designated the nation-wide computer communication network NICNET, set up by the National Informatics Centre (NIC), as the government network. The satellite-based VSAT network links about 540 district administrations, 25 state secretaries and 7 Union Territory (UT) administrations. The NICNET links spread to the Ladakh region and the Andaman, Lakshadweep and Minicoy islands.

      (c) Military. The army has a fully automated communication network for its field forces, the Army Radio Engineering Network (AREN), and the Army Static Switch Communication Network (ASCON) for rearward connectivity from field forces. To serve its C4I2 functions, an Army Strategic Information System (ASTROIDS) has been set up for exchange of operational information between Army HQ, Command HQ and Corps HQ. In addition, the army has an Army Wide Area Network apart from the formation Local Area Networks, over which various services like mail, file transfer and the intranet run. The air force has a dedicated communication network for its air defence, the Air Defence Ground Environment System (ADGES), complete with radar and communication links for providing surveillance to various air defence elements. For its logistic operations there is an Integrated Material Management On-Line system (IMMOL). The navy is setting up its Navy Enterprise Wide Network (NEWN), which would connect all its ships and shore establishments. The Integrated Logistic Management System (ILMS) and Ship-Based Logistic Management System (SLMS) cater to the navy's inventory control and logistic management.

      (d) ERNET. The Education and Research Network (ERNET) has been providing network services to Indian academia and research community since 1990. Connecting more than 750 organisations, it brings together a large cross section of universities, academic institutions, Research and Development (R&D) laboratories, non-governmental organisations (NGOs) and more than 80,000 users.

      (e) National Stock Exchange (NSE). The NSE boasts of not only the first private VSAT network, but also the largest Wide Area Network (WAN) in the country. One of the few interactive VSAT based stock exchanges in the world to provide online trading of stocks; it is expected to grow to over 3,100 VSATs covering 425 cities.

      11. The Indian government needs to address these concerns. A comprehensive critical information infrastructure protection policy is yet to be framed; the focus to look at cybersecurity from a national security standpoint is still far away; and the revised IT Act is yet to be passed by Parliament.

      Incidents of Cyber attacks

      12. The threat from terrorists or non-state actors is a cause of great worry. A matter of concern is the realization that any person with reasonable security knowledge can access critical information. Cyber-terrorism (the convergence of cyberspace and terrorism) offers ideal opportunities for terrorists to carry out remote attacks safely, anonymously, and without the use of explosives. Terrorist propaganda through Internet websites (e.g. websites of terrorist organisations like the Hezbollah and Liberation Tigers of Tamil Eelam (LTTE) can be accessed at www.hizbollah.org, www.eelam.com) and increasing use of satellite phones, electronic mail and instant messaging for communications have added to the woes of the intelligence agencies worldwide. In the recent terrorist strike at Red Fort by the Lashkar-e-Taiba group, the militants were found to have used a cyber café in North Delhi as a communication link for the operation. Almost at the same time as the Chinese attacks, there has also been the instance of the Swedish hacker breaking into the email accounts of a few of our foreign missions.

      13. Certain incidents given below clearly demonstrate the high levels of risks involved in the cyber space today.

      (a) In 1998, ethnic Tamil guerrillas swamped Sri Lankan embassies with 800 e-mails a day over a two-week period. The messages read, “We are the Internet Black Tigers and we are doing this to disrupt your communications.” The attack had the desired effect of generating fear in the embassies. Intelligence authorities characterize this as the first known attack by terrorists against a country's computer systems.

      (b) In 1999, NATO computers were hacked into and flooded with e-mails. There was a denial of service (DoS) attack. The hackers were protesting against the NATO bombings in Kosovo. Businesses, public organizations and academic institutions were bombarded with highly politicized e-mails containing viruses from other European countries. NATO is treating the threat of cyber warfare as seriously as the risk of a missile strike, according to a senior official. Suleyman Anil, who is in charge of protecting NATO against computer attacks, said: "Cyber defence is now mentioned at the highest level along with missile defence and energy security. We have seen more of these attacks and we don't think this problem will disappear soon. Unless globally supported measures are taken, it can become a global problem."

      (c) Crackers in Romania illegally gained access to the computers controlling the life support systems at an Antarctic research station, endangering the lives of 58 scientists involved. However, the culprits were stopped before damage actually occurred.

      (d) In May 2007, Estonia was subjected to a mass cyber attack by hackers inside the Russian Federation. Some evidence suggests that this was coordinated by the Russian government although the Russian officials deny any information of the same. The attack was apparently in response to the removal of a Russian World War II memorial from downtown Estonia. The attack was a distributed denial of service attack in which selected sites were bombarded with traffic in order to force them offline. Nearly all Estonian government ministry networks as well as two major Estonian bank networks were knocked offline. In addition, the political party website of the Prime Minister featured a counterfeit letter of apology from him for removing the memorial statue.

      Acts of Cyber Terrorism / Cyber Attacks in The Indian Context

      14. India faces a serious threat from cyber terrorists and steps should be taken to thwart them, a cyber security expert said here Tuesday. The country is vulnerable to cyber terrorism and any such attack will bring it to a standstill and will have a long-term impact on business and investment, said Ankit Fadia, who helped Mumbai Police to trace the email sent by terrorists soon after the 26/11 attacks. Ankit warned that India could face cyber terrorism on the scale of the one witnessed in Estonia in 2007. The small Baltic country came to a standstill due to a three-week wave of massive cyber attacks. The banking system, stock trading, communications, airports, railway stations and several other key activities could be paralysed due to such attacks. In the recent cases of the Ahmedabad and Delhi blasts, criminals hacked into the wi-fi systems of individuals to send terror mails.

      15. These incidents are all a form of protest rather than acts of terrorism or violence. Besides, they did not cause any physical harm or injury. However, the matter of concern is the realization that any person with reasonable security knowledge can access critical information. These personnel could well be terrorists trying to destroy our country. These incidents clearly demonstrate the high levels of risks involved in the cyber space today.

      (a) Cyber terrorists can be domestic Kashmiri terrorists or international terrorists such as Al Qaeda. Terrorists may be classified as cyber terrorists whether they solely rely on cyber terrorism to further their cause, or whether they use cyber terrorism in addition to other more conventional forms of terrorism. Almost every facet of modern life today, including financial institutions, production facilities and government functions, has become increasingly dependent on computer technology. The economy and trade of the developing nations is highly dependent on electronic transactions, which are vulnerable to a cyber terrorist attack.

      (b) Acts of cyber terrorism between two nations can gradually transform themselves into cyber skirmishes and ultimately into an all-out cyber war. A similar situation is developing between India and Pakistan which began in 1998. Major targets of Pakistani hackers in the past have been the Gujarat Government, Ministry of External Affairs, Indira Gandhi Centre for Atomic Research, India Online Bazaar, Indian National IT Promotion, India Today, Nuclear Science Centre and telecommunication companies.

      (c) Recent breaches include that by a Swedish security professional by the name of Dan Egerstad, who created a sensation by finding out the e-mail passwords of about 100 senior Indian government officials, including several embassy officials and DRDO officers, and thereafter posting them on the internet. The access to the confidential correspondence could have had serious repercussions on national security. Another incident concerned the hacking of the website of one of the major banks and infesting it with malicious code that downloaded about 22 trojans to any individual who visited the home page of the bank. Some of these trojans could be ‘key loggers’, resulting in the compromising of security of all the bank's customers. Yet another incident demonstrated the power of SMS/phone spoofing through websites. In a well publicised TV programme, a chartered accountant from Ahmedabad showed how he could put through a call in the name of the home minister to another minister. Also, the web server of the National Police Academy was penetrated and a phishing site hosted thereon.

      (d) Is there a similar danger of an act of cyber terrorism, seeking to damage or destroy critical infrastructure, emanating from India because of the availability of qualified information technology experts in terror groups? This question is likely to occupy the attention of terrorism experts following the announcement by the Mumbai Police on October 6, 2008, of the arrest of 20 suspected members of the so-called Indian Mujahideen (IM), who had played a role in the serial blasts in Ahmedabad on July 26, 2008, in the abortive attempt to organise similar blasts in Surat the next day and in the serial blasts in New Delhi on September 13, 2008. Among those arrested are four IT-savvy members of the IM, who had played a role in sending the e-mail messages in the name of the IM before and after the Ahmedabad blasts and before the New Delhi blasts by hacking into Wi-fi networks in Mumbai and Navi Mumbai.

      8. According to a report prepared by the Computer Emergency Research Team from the central IT ministry, a total of 692 websites have been hacked into in September alone. The unit has now asked the respective state governments (Haryana and UP) to secure their own websites. “We have instructed all state governments to install security measures, especially for those sites which contain sensitive data,” said a senior ministry official. According to sources, almost all types of websites have been affected: dotcom, dotin, dotgovt and even dotedu. “A total of 511 websites in the domain of dotin have been affected, 74% of all those affected, while 20% of the websites are in the dotcom domain. In our own IT department, a total of 63 attacks have been reported. Curiously, 21 of these attacks have come from hackers based in China,” said a senior government official.

      The National Security Council Secretariat (NSCS) has ordered a high-level inquiry into the supply of encryption devices last year to the Indian Air Force and the National Technical Research Organisation (NTRO) by state-owned, Bangalore-based Bharat Electronics Limited (BEL). A senior NSCS officer confirmed that the government has come across instances of Chinese companies indulging in industrial espionage and accessing top secret data, including those of Indian companies, by hacking into the servers.

      Cyber Terrorism - Methodology

      16. Geography is limitless and irrelevant when dealing with cyber terrorism threats. We must think in terms of cyber terrorist acts as happening in cyberspace, regardless of locale or origination or target. A reassessment of the cyber threat has four elements. First, we need to put cyber-warfare and cyber-terrorism in the historical context of attacks against infrastructure. Second, we need to examine cyber attacks against a backdrop of routine infrastructure failures. Third, the dependence of infrastructure on computer networks and the redundancy needs to be kept in mind. Finally, the use of cyber-weapons in the context of the political goals and motivations of terrorists, and whether cyber-weapons are likely to achieve these goals needs to be considered.

      Cyber Attacks - Asymmetrical Warfare

      17. Cyber Terrorism Target. In the selection of a target by a terrorist or a nation, some or all of these elements may be considered, consciously or unconsciously, for the conduct of a cyber attack:-

      (a) Visibility. How conspicuous is the target to the government and people that the cyber terrorist wishes to terrorize? For example, blowing up a building, a crowded shopping area, or barracks full of soldiers is far more visible.

      (b) Vulnerability. How exposed is the target to attack? Computer systems that are more difficult to penetrate or damage are less attractive than systems that are easily compromised.

      (c) Access. How much access is there to the target? If the target can be reached through the Internet, through a dial-up telephone connection, or through a pathway from a system the cyber terrorist has access to, then it is a far more attractive target than a closed system.

      (d) Reliance. How strongly are people dependent on the target system? Whether reliance is emotional, psychological, economic, physical, or life-or-death, without it, the target is not desirable.

      (e) Probability of Success. In the selection of a target, the cyber terrorist must determine what the chances of success or failure are. While a failure of a cyber terrorist mission may not result in the arrest or injury of the terrorist, a window of opportunity may be lost.

      (f) Scale. If a terrorist act affects only a few, then scale has not been achieved, and the act will not be as effective. The media is exploited in the accomplishment of a terrorist act, and the greater the scale of the act, the greater the media coverage.

      18. Nature. Cyber attacks are rising exponentially and several factors contribute to this equation. The growth of the Internet raises the number of both attackers and targets. Vulnerabilities in new software versions continue to grow, and sophisticated hacking tools are easily accessible. The weapons of cyber war are available for download on the Internet; unlike the weapons of conventional warfare, the tools of this trade require no long-term acquisition, training or fielding to mount. The dilemma in the cyber world is not only to detect attacks but also to understand why the attacker is attacking. Cyber attacks, whether standalone or co-ordinated, occur at a time of the adversary's choosing. They are inherently stealthy and can be used in critical periods, at a crucial point in a war or at high-profile events. It is likely that cyber attacks will accompany physical attacks to enhance the impact and reduce the response capabilities of the recipient. Combining physical attacks with cyber attacks increases their impact and limits other assistance. This type of attack will serve as a force multiplier. Information technology offers new opportunities to terrorists. A terrorist organisation can reap low-risk, highly visible payoffs by attacking information systems. By using cyberspace as the new conflict medium, terrorists can obviate the distance between themselves and their targets. They no longer need to be physically present at the location to execute acts of violence. Terrorists could target digital information systems in pursuit of political goals and, in order to attract the attention of the public, they could perpetrate their acts with the media at the forefront of their strategy.

      By using the Internet the terrorist can effect much wider damage or change to a country than one could by killing some people. It could range from disabling a country's military defences to shutting off the power in a large area or disrupting the financial networks. The terrorist can thus affect more people at less risk to him or herself than through other means. A terrorist organisation intending to carry out an electronic attack needs to build up the necessary technical expertise and buy the equipment to disrupt, damage or destroy target information systems. Alternatively, it could always hire people proficient in network attacks. The current trend towards easy-to-use hacking tools indicates that in future the hurdle of technical expertise would be considerably lower.

      India may be the most vulnerable place in the world now for physical terror attacks, but experts who trawl the Internet to track terror trails in cyberspace say that the country is equally vulnerable to cyber terrorism.

      The propaganda on the Internet is intense, and encompasses not only websites but also blogs, Web 2.0 services like Orkut, and other areas of cyberspace, including email groups and even recorded messages left as voice mails.


      Cyber attacks can come in many forms. However, it is the anti-Indian propaganda, or what some call "radical Islamist propaganda," that dominates.

      "The propaganda is almost always in Urdu or Arabic which few in India can follow," he said. "The other problem with regard to particularly radical Islamist websites is that these sites are hosted from developed countries in the EU like Germany, Spain, Italy, France and the like, where such websites are not under close scrutiny of the respective governments."

      According to experts, the biggest impact of cyber terrorism is that it has been able to spread its hatred or radicalism far and wide, as well as attract followers from all walks of life, succeeding in converting them to insurgents.

      Nevertheless, according to the Cyber Society of India (CYSI), waging a passive ideological war is not the only form of cyberterrorism India suffers from; the country is also attacked routinely by terrorist hackers who snoop into government-owned websites and personal computers for monetary gains.

      This is why CYSI feels that besides ramping up the country's physical security infrastructure, the government also needs to ramp up the country's ICT infrastructure to prevent cyberattacks.

      Through a recent plea to the IT ministry, CYSI has called for development of a comprehensive, integrated security system to address security concerns of India's ICT space. Urging the government to take proactive measures, CYSI has also called for a revamp of the country's IT Act of 2000 to make it effective for the current challenges India faces in cyberspace.

      19. Mechanics

      (a) Privacy violation: If a person (including a foreign national) contravenes the privacy of an individual by means of a computer, computer system or computer network located in India, he would be liable under the provisions of the Act.

      (b) Secret information appropriation and data theft: Information technology can be misused for appropriating valuable Government secrets and the data of private individuals, the Government and its agencies. A computer network owned by the Government may contain valuable information concerning defence and other top secrets, which the Government will not wish to share otherwise. The same can be targeted by the terrorists to facilitate their activities, including destruction of property.

      (c) Demolition of e-governance base: The aim of e-governance is to make the interaction of citizens with government offices hassle free and to share information in a free and transparent manner. It must be noted that the primary aim of all cyber terrorist activities is to collapse a sound communication system, which includes an e-governance base. Thus, by a combination of virus attacks and hacking techniques, the e-governance base of the government can be made to collapse.

      (d) Distributed denial of service attack: The cyber terrorists may also use the method of distributed denial of service (DDoS) to overburden the electronic bases of the Government and its agencies. This is made possible by first infecting several unprotected computers by way of virus attacks and then taking control of them. Once control is obtained, they can be manipulated from any locality by the terrorists. These infected computers are then made to send information or requests in such large numbers that the server of the victim collapses. Further, due to this unnecessary Internet traffic, legitimate traffic is prevented from reaching the computers of the Government or its agencies. This results in immense pecuniary and strategic loss to the government and its agencies.

      (e) Network damage and disruptions: The main aim of cyber terrorist activities is to cause network damage and disruption. This activity may divert the attention of the security agencies for the time being, thus giving the terrorists extra time and making their task comparatively easier. This process may involve a combination of computer tampering, virus attacks, hacking, etc. These provisions can be safely invoked for meeting challenges posed by network damage and disruptions caused by cyber terrorists.
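The flooding mechanism in item (d), seen from the defender's side, as an added example that is not part of the original paper: a sliding-window detector run over a constructed access log. It shows why a per-source request limit alone misses a distributed flood, since every compromised host stays at a normal request rate. The log format, thresholds, function names and addresses (documentation ranges) are assumptions.

```python
from collections import Counter, deque
from datetime import datetime, timedelta

T0 = datetime(2024, 1, 1, 12, 0, 0)  # constructed start time of the sample log


def build_sample_log(flood_sources=50, burst=1):
    """Constructed access log, one line per request: '<ISO time> <source IP> <request>'.

    Five regular clients send one request every 2 s for a minute. Between
    t=30 s and t=40 s, `flood_sources` hosts each add `burst` requests per 2 s.
    All addresses come from the documentation ranges (RFC 5737).
    """
    events = []
    for sec in range(0, 60, 2):
        for c in range(5):
            events.append((T0 + timedelta(seconds=sec), f"192.0.2.{c + 1}"))
    for sec in range(30, 40, 2):
        for h in range(flood_sources):
            events += [(T0 + timedelta(seconds=sec), f"198.51.100.{h + 1}")] * burst
    events.sort()
    return [f"{ts.isoformat()} {ip} GET /portal" for ts, ip in events]


def detect_floods(lines, window_s=10, max_total=40, max_per_source=15):
    """Return one alert per episode in which the request count inside a sliding
    window exceeds `max_total`. Each alert records the peak load, how many
    distinct sources produced it and how much the busiest source contributed."""
    window, per_source = deque(), Counter()
    alerts, current = [], None
    for line in lines:
        stamp, ip = line.split()[:2]
        ts = datetime.fromisoformat(stamp)
        window.append((ts, ip))
        per_source[ip] += 1
        # Drop requests that have aged out of the window.
        cutoff = ts - timedelta(seconds=window_s)
        while window[0][0] <= cutoff:
            _, old_ip = window.popleft()
            per_source[old_ip] -= 1
            if per_source[old_ip] == 0:
                del per_source[old_ip]
        total = len(window)
        if total <= max_total:
            current = None  # load is back to normal: the episode is over
            continue
        if current is None:
            current = {"start": ts, "peak_requests": 0}
            alerts.append(current)
        if total > current["peak_requests"]:
            top_ip, top_count = per_source.most_common(1)[0]
            # One host over its own limit and carrying at least half the load
            # is a single-source flood; otherwise the load is spread out.
            single = top_count > max_per_source and 2 * top_count >= total
            current.update(
                peak_requests=total,
                sources=len(per_source),
                busiest_source=top_ip,
                busiest_count=top_count,
                kind="single-source flood" if single else "distributed flood",
            )
    return alerts


if __name__ == "__main__":
    for name, log in [("50 hosts, normal rate each", build_sample_log(50, 1)),
                      ("1 host, 50x rate", build_sample_log(1, 50))]:
        for alert in detect_floods(log):
            print(name, "->", alert)
```

In the distributed case no host ever exceeds `max_per_source`, so blocking by per-source rate would leave the flood untouched; the aggregate count and the jump in distinct sources are what reveal it.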

      CHAPTER IV

      INITIATIVES UNDERTAKEN AGAINST CYBERTERRORISM

      The comity of nations has realized the threat facing the countries from cyber terrorism. The countries have put in place certain mechanisms to counter this threat, through which they have been able to deter the cyber terrorists even if not totally defeat their intentions. The international community has also been trying hard to make cyber security an essential part of the day-to-day lives of citizens. Dartmouth's Institute for Information Infrastructure Protection (I3P) has its cyber security research recommendations. They are in the form of a set of recommendations for in cyber security which need to be implemented in the next 5 to 10 years. The four areas that have been recommended are:-

        1. A is needed.
        2. Metrics and assessment tools must be.
        3. An effective for security must be created.
        4. The of security must be addressed.

      International Initiatives

      The regional groupings and the individual countries have also amended laws to tackle cyber terrorists as also put in place some initiatives in this regard. There have been concerted efforts by the countries to utilize the established grouping of nations to evolve mechanisms to counter the cyber attacks. Some of the initiatives are as follows:-

      The European Union

      The E.U. has created the Critical Information Infrastructure Research Coordination Office which is intended to ascertain from member states how their infrastructures are being protected from possible cyber attacks. The European Union (E.U.) issued a Council Regulation which binds all members of the European Union to freeze funds of persons who knowingly and intentionally participate in acts of terrorism or in preparation thereof. The Council of the E.U. maintains a registry of the names of people and groups who assist in the commission of terrorist acts. Each member state is to cooperate with the other member states in collecting and sharing data with a view toward criminally prosecuting persons engaged in terrorist activities. Consequently, vulnerabilities can be detected and security measures suggested averting destructive consequences.

      The Council of Europe adopted a Convention on Cybercrime on 23 November 2001, creating a common criminal policy for the protection of society against cybercrime. The measures that were to be taken at the national level were as follows:-

      The adoption of substantive criminal laws to address offenses against the confidentiality, integrity, and availability of computer data and systems including laws against illegal access, illegal interception, data interference, system interference, and misuse of devices.

      Computer related offenses, forgery, fraud and infringements of copyright and related rights.

      The G8 Ten-Point Action Plan

      Ministers at the G8 agreed on December 11, 1997, that a ten-point action plan was to be undertaken in order to combat existing cyber-crime and lay the groundwork for the 21st Century. Although they refer to cyber-crime, the steps announced clearly apply to cyber terrorism. The plan calls for actions by member-states to use their established network of knowledgeable personnel to ensure a timely, effective response to transnational high-tech cases and designate a point-of-contact who is available on a 24-hour basis; review legal systems to ensure they appropriately criminalize abuses of telecommunications and computer systems and promote the investigation of high-tech crimes; trans-border searches; work jointly with industry to ensure that new technologies facilitate their efforts to combat high-tech crime by preserving and collecting critical evidence etc.

      OECD

      The Organisation for Economic Co-operation and Development issued Guidelines for the ‘Security of Information Systems and Networks: Towards a Culture of Security’ on 25 July 2002. Among the aims of the guidelines were the promotion and foundation of a culture of security among the member states, the raising of awareness concerning the risks and the means necessary to address them, ethical issues, and the promotion of cooperation and information sharing. Governments of member states were to develop national policy on information and security and ensure cross-border cooperation. They were to establish institutions such as CERTs (Computer Emergency Response Teams) that exchange threat and vulnerability assessments.

      Creation of CERTs

      The CERTs were created to disseminate information concerning vulnerabilities and attacks to the public. The objectives of CERTs included enhancing awareness of security issues among policy-makers and technical staff, aiding in monitoring critical infrastructures, and creating a task force in IT security. A CERT creates awareness of the potential hazards through organized conferences and workshops, by press releases etc. Besides, CERTs are mandated to monitor cyberspace and seek to detect potential threats. The countries have also introduced mandatory and periodic security audits and created a body of auditors in the field. Other laws introduced were concerning the protection of privacy and security, electronic signature and e-commerce, a law against cybercrime, and a statute on consumer protection and respect of intellectual property.

      United States

      The duty of combating cyber terrorism has been entrusted to the Strategic Command's Joint Task Force-Global Network Operations (JTF-GNO) which directs the operation and Global Information Grid on behalf of the US Department of Defense (DOD).

      There are also special training programs concerning cyber terrorism, weapons of mass destruction, mobile antiterrorism, an International Law Enforcement Academy, Interdicting Terrorist Organizations, Advanced Explosive Incident Countermeasures, Underwater Explosive Incident Countermeasures, and detection of fraudulent documents. The programs appear to have had considerable success in the training of security personnel in thwarting almost all terrorist incidents.

      The other major initiatives are as follows:-

      Project Echelon. This is an agreement among the U.S., U.K., Canada, Australia and New Zealand. Each of the nations agrees to share information captured on communications satellites that monitor millions of messages an hour using voice recognition and other means to ascertain keywords in a multitude of languages in order to identify possible cyber terrorists and other related and unrelated criminal activities.

      Carnivore. It is an electronic surveillance program that is a part of a surveillance package known as ‘Dragon Ware Suite.' The program, known within the FBI as ‘DCS-1000,' can read millions of e-mails per second, look for key words or phrases, review banking and web browsing activities of individuals, and examine the number of usages, time spent and other critical data. A tapping device at the ISP's access point accomplishes it. In this manner, suspected terrorist operations are tapped into for revelations of possible unlawful activities.

      Patriot Act of 2001. The passage of the Act was a milestone in U.S. legislation. Title II of the Patriot Act entitled Enhanced Surveillance Procedures amended the Foreign Intelligence Surveillance Act of 1978 (FISA), thereby permitting the wiretapping of aliens and U.S. citizens where there is cause to believe that they are members of a terrorist group or agents of a foreign power. The statute is specifically aimed at foreign groups or persons and data related to actual or potential attacks, sabotage, clandestine intelligence activities, and information concerning national defense. It also permits domestic law enforcement authorities to share foreign intelligence and counter-intelligence information with the Central Intelligence Agency (CIA) without a court order. This was hitherto not permitted. Title III of the Patriot Act, entitled International Money Laundering Abatement and Anti-Terrorist Financing Act of 2001 increases U.S. capabilities of preventing, detecting, and prosecuting international money laundering schemes and the financing of terrorism; subjecting foreign institutions and jurisdictions to special scrutiny; and ensuring the forfeiture of assets in connection with alleged anti-terrorist efforts.

      China

      Its Computer Information Network and Internet Security, Protection and Management Regulations are aimed mainly at state security. They prohibit the use of the Internet to harm national security or disclose state secrets. Information that incites resistance to the country's Constitution, laws, or administrative regulations by use of the Internet is prohibited. The provisions are extensive and forbid even the use of computer networks or network resources without prior approval.

      European Countries

      A number of countries in Europe have developed safeguards against cyber terrorism. The tasks of rendering protection from terrorists and related attacks are disbursed among a number of agencies in Europe.

      The United Kingdom

      The responsibility for maintenance of security is scattered among the ministerial Cabinet committees and subcommittees, the Ministry of Justice, intelligence services including the Security Service (MI5), the Secret Intelligence Service (SIS or MI6), and the U.K.'s foreign intelligence service. Other agencies providing protection are the British Transport Police with respect to railway systems in the U.K., the Civil Nuclear Constabulary with respect to nuclear facilities, 43 regional police departments, and the military.

      The principal challenges facing the U.K. are the strengthening of border controls, and protection of the critical national infrastructure.

      The United Kingdom (U.K.) enactments are as follows:-

      The Regulation of Investigatory Powers Act in 2000 allows the Government access to e-mail and other electronic data. It also created a special division in the National Criminal Intelligence Service to investigate electronic crime.

      Cross Departmental Counterterrorism Strategy (CONTEST). Enacted in April 04, it concerns four “P” areas, namely, prevent (ascertain the causes of terrorism), pursue (terrorists are to be identified and their efforts impeded), protect (especially critical infrastructures), and prepare (be ready to respond to terrorist attacks).

      France

      French law provides special powers to the judicial and police authorities for ordering wiretaps, surveillance and preventive detention of suspects up to six days without filing charges. If a threat is imminent, a system called “Vigipirate” can be activated on two levels by the President without legislative approval. The first level or “simple” level provides for sending police to sensitive areas such as power plants, embassies, airports, trains and train stations, and fuel facilities whilst the second level encompasses the summoning of the military, police forces, and other security personnel to guard against national attacks.

      Like the U.K., responsibility for combating terrorism in all its forms is scattered among various ministries.

      Germany

      Germany has enacted measures in the legal, law enforcement, financial, and security areas. These include the revocation of immunity of religious groups and charities from investigation or surveillance; the prosecution of terrorists in Germany even if the acts were committed abroad; the curtailment of the entry and residence of terrorists within Germany and the strengthening of border and aviation security. It has taken measures to survey and seize terrorist financing. A new immigration law now makes deportation easier and naturalization more difficult.

      Like the U.K. and France, the task of providing protection against terrorism is dispersed among a number of ministries, namely Interior, Justice, Defense, Foreign Affairs, and Finance.

      Italy

      Law enforcement and intelligence gathering is accomplished by the country's State Police. In addition, the Italian military corps or carabinieri also carry out police duties. It has an elite counterterrorist unit, gathers intelligence, and investigates terrorist organizations. Italy's main intelligence and security services are carried out by The Military Intelligence and Security Service under the Ministry of Defense.

      India : Few Initiatives

      The Government of India has put in place some mechanisms to counter the threat of cyber terrorism. Some of the initiatives are enumerated in succeeding paragraphs.

      Indian Computer Emergency Response Team (CERT-In). This is a functional organization of the Department of Information Technology, Ministry of Information and Communications Technology, Government of India, with the objective of securing Indian cyber space. CERT-In provides Incident Prevention and Response services as well as Security Quality Management Services. Its proactive services include advisories, security alerts, vulnerability notes and security guidelines to help organizations secure their systems and networks. The reactive services include minimising damage on occurrence of security incidents.

      National Cyber Security Assurance Framework. This is being established by CERT-In for protection of Critical Information Infrastructure. As part of this, 57 ‘Security Auditors’ have been empanelled for auditing, undertaking vulnerability assessment and penetration testing of computer systems and networks of various organizations of the government, critical infrastructure organizations and those in other sectors of the Indian economy. CERT-In acts as the mother CERT in the country, helping the formulation of sectoral CERTs in critical fields.

      Collaboration with Vendors. The CERT has initiated steps to collaborate with IT product vendors and security vendors such as Microsoft, Cisco, Red Hat, eBay, McAfee, Symantec etc. for security assurance.

      International Collaboration. The CERT is also collaborating with international security organizations and CERTs to facilitate exchange of information related to the latest cyber security threats and international practices. It became a member of the Asia Pacific CERT (APCERT) in Mar 2006 and of the Forum for Incident Response and Security Teams (FIRST) in Dec 06. It also organized numerous workshops including the ones for the ASEAN countries in Aug 06 and the ARF in Sep 06. The ARF Workshop on cyber security was attended by 58 delegates from 20 countries apart from various other representatives. The topics of discussion included the Threat of Cyber Terrorism - National Perspective, Government Initiatives on Cyber Security and protection of critical information infrastructure, Cyber Security - Trends and Protection Strategy to counter Cyber Terrorism and Areas of Cooperation.

      The Information Technology Act, 2000 and IT Act Amendment 2006. This sets forth computer offenses that are outlawed including the tampering with computers, unauthorized access, damaging or destroying data therein, publishing obscenity, and disclosing private information with consent. The amendment had recommended that the Act should provide for defining ‘Cyber Terrorism' as an offence under the Act. It is necessary to recognize that ‘Cyber Terrorism' includes both ‘Use of ICT in support of Physical Terrorism' as well as ‘Terrorism in Cyber Space'. However, cyber terrorism does not find a mention in the 2006 Amendment. But, the ITAA 2006 authorises the Indian Computer Emergency Response Team (CERT-In) to serve as the nodal agency in respect of Critical Information Infrastructure for coordinating all actions relating to information security practices, procedures, guidelines, incident prevention, response and report. The Director of the Indian Computer Emergency Response Team may call for Information pertaining to Cyber Security from the service providers, intermediaries or any other person. Any person who fails to supply the information called for shall be punishable with imprisonment for a term which may extend to one year or with fine which may extend to one lakh rupees or with both.

      Indo-US Joint Working Group. India and US have realized the need for cooperation on counter-terrorism. Indo-US Joint Working Group on Counter-Terrorism was established in January 2000 as a symbol of their personal commitment to intensify bilateral cooperation as a critical element in the global effort against terrorism. They also announced the establishment of a Joint Cyber-Terrorism Initiative.

      Internet Security Center. The Ministry of Information Technology decided in 2003 to establish a $20 million Internet security center in New Delhi. The center addresses computer security incidents, publishes alerts, and promotes information and training. Software Technology Parks India (STPI)—an autonomous body of the government—has a stake in the proposed center. The Center for Development of Advanced Computing (C-DAC) and the Defence Research and Development Organisation (DRDO) have been at the forefront of information security technologies. The Networking and Internet Software Group of the C-DAC, for example, is working on the development of “core network security technologies,” which include C-DAC's Virtual Private Network, crypto package, and prototype of e-commerce applications. FIRST-India (Forum for Incident Response and Security Teams) is a non-profit organization for facilitating “trusted interaction amongst teams from India conducting incident response and cyber security tasks.” Membership is open to private and public sector organizations in India, including the Defense Public Sector Undertakings. There is a growing partnership between defence and private industry to evolve IT security solutions for the defence information infrastructure. In this regard, the development of 'Trinetra', an encryption system for secure communications, by the Indian Navy in collaboration with IIT Kanpur deserves special mention. The private companies offer a wide base of security solutions ranging from security auditing and consulting to implementation of solutions like firewalls, encryption technology and intrusion detection devices.

      Defense Information Warfare Agency. The armed forces have established an information warfare agency under the tri-service integrated defense staff. The new agency, called the Defense Information Warfare Agency (DIWA), will manage all aspects of IW, such as psychological operations, cyber war, and electromagnetic and sound waves. It will be the nodal agency that will make policies for all the three services as well as formulate countermeasures to enemy propaganda.

      Resource Centre for Cyber Forensics (RCCF). Taking note of the rising cases of cyber crimes, the government has set up the RCCF at the Centre for Development of Advanced Computing (CDAC) at Thiruvananthapuram. The RCCF will develop a cyber forensics tool kit, carry out R&D in cyber forensics to meet the requirements of the law enforcement agencies and provide technical services including training to such agencies. The central government has developed several tools for cyber forensics, which include disk forensics, network forensics and device forensics.

      CHAPTER V

      MECHANISMS AND STRATEGIES TO COUNTER CYBER TERRORISM

      1. Our preparedness for cyber terrorism must be broader, to include all levels of private and public activity. Today critical local and national systems like communications, economy and national defense are computer controlled. Cyber terrorism strikes terror by slowing down or destroying cyber systems and thereby the information flow. Security can only be increased to make the nation and its information infrastructure less susceptible. It would also need better intelligence to stop plans in progress and work on backup systems or plans to reduce the impact should a successful attack be carried out. The Internet offers a wide range of possibilities for terrorists and terrorist organizations to launch attacks that can be digitally launched and which can affect data, spreading of terrorist-related contents and the conventional use of the Internet, e.g. for communication with each other. The legal framework that is available to the international community must address new possibilities for terrorists and at the same time respect the liberties of legitimate users.

      2. Cyber security is a serious issue, and the realisation is fast dawning in India too. We cannot afford to be reactive in our approach towards information security, responding to stray attacks on our information infrastructure. In an increasingly networked environment, the need to be proactive in our approach towards securing a wired India is of paramount importance.

      3. The challenges facing Indian Cyber security mechanisms are as follows :-

      * NIC, which has been involved in many e-Governance projects and is a natural choice for ensuring cyber security in e-Governance projects, does not seem to have made much progress.

      * CDAC has been involved in certain research projects and is not in the forefront of strategizing a national cyber security plan.

      * The private sector is concerned only with its need to get ISO certified.

      * NASSCOM is focusing on building a security organization for BPOs, which is in the early stages of planning.

      Strategies and Mechanisms to combat Cyber Terrorism

      4. There needs to be a sincere effort on the part of all agencies to ensure that the cyber attacks launched by the terrorists are defeated ab-initio. Interim measures will need to be applied diligently by IT security professionals until that time when new and creative solutions are realized. While a number of initiatives have been undertaken, the nature of the issue demands a more holistic and integrated approach. An effective Cyber Security strategy should deliberate on each of the four vital aspects of legislation, policy, technology and training.

      5. The need for the nation to manage the information and other related aspects are enumerated as under:-

      (a) Integrated Approach. The need for Integrated approach at the highest level has been established by the very fact that the realm of information transcends all dimensions of society including the military. The apex committee should have representations from politics, the three services, industries, experts in field of economics, electronics and strategists.

      (b) Policy. The policy should spell out the national security interests. It will need to be aggressive in stance. Deterrence element in the policy with proactive and tough retaliatory and punitive intent must be explicit.

      (c) Strong Political Will. No matter how well a policy or a strategy has been devised lack of political will to implement the same reduces the efficacy to near “VOID”. Therefore it is necessary to inculcate this aspect in the mindset of political thinking.

      (d) Flexibility and Resilience. The policy/strategy devised should be dynamic and sensitive to changes in the environment. Information Technology will continue to develop by leaps and bounds with every passing year, and the strength of the policy or strategy will be in its capability to conform to these changes without changes in its basic structure.

      (e) Defence Force. A specific organisation needs to be created within the defence forces to combat information warfare specific to military matters and domination of battle space. This organisation will cater to operate in an environment of information transparency and its protection measures. Some features of such an organisation need to be as enumerated below:-

      (i) Joint Services Organisation. This organisation will have to be joint services organisation at the controlling level, with service specific organisation with specific sector profile at lower levels.

      (ii) Interconnectivity. All agencies within this organisation should have vertical and horizontal connectivity for continuous availability of information at all levels of the organisation.

      (iii) Artificial Intelligence. The availability of Information will be in such large quantities that it may not be feasible to process the same into hard intelligence in real time. This aspect can be handled by artificial intelligence interface between the decision-maker.

      (iv) Security. Cyber security will form a major task of this organisation and should be geared up adequately for the same.

      (v) Technology. Technology within this organisation should be of state of art and must have inbuilt funding facility for upgradation.

      (f) Monitoring and Protection. A plan needs to be developed at the national level for monitoring and effective protection of cyberspace.

      6. Certain strategies and mechanisms recommended to be put in place are discussed in the following paragraphs.

      Defence against cyber-terrorism

      7. Strategies of Cyber Defense. The three basic strategies for defense against cyber attacks are Protection, Deterrence and Prevention.

      8. Protection. Protection seeks to reduce vulnerability by hardening possible targets against attack, minimizing the damage that such attacks can do, and increasing the ability to recover quickly. Protection measures against cyber attacks can be taken at both local and national levels.

      (a) Local Protection. At the local level, protection would involve steps that each potential target, military or civilian infrastructure, must take for its own security. Protection in this context means local defense- that is hardening particular nodes in the information infrastructures in an effort to reduce and perhaps even eliminate vulnerabilities. Protection involves both technical and non technical measures. Technical measures are tools used to secure information systems, akin to a lock on the door. Such tools are numerous and varied but the most common are authentication, firewalls, encryption, audit logging, intrusion detection and monitoring, virus protection, and vulnerability assessment tools. Non technical measures refer to standard operating procedures adopted to implement technical security measures, akin to a regulation requiring anyone to lock the door behind them when they leave.

      (b) National Protection. This involves a national protection program to secure the nation's critical infrastructure from cyber attacks. The program emphasizes interagency cooperation for planning, sharing information, and coordinating a government response to infrastructure attacks.

      7. Deterrence. Deterrence implies reducing the incentive of other actors to engage in cyber attacks through credible threats of retaliation. Deterrence requires several elements that are quite difficult to achieve in a cyber attacks context. First, there must be a clear declaratory policy that specifies what punishment an aggressor can expect if he carries out particular unacceptable behavior or attack. Next, the deterrence system must have the ability to identify an attack and the attacker, and the ability and the willingness to respond in ways that cause unacceptable damage to the attacker. Finally, deterrence requires establishing the credibility to retaliate in the eyes of the prospective adversary. Given these elements, a deterrence strategy might work.

      8. Prevention. Prevention means hindering the ability of enemies to acquire, deploy, or successfully use IW weapons and techniques. To limit the ability to acquire IW capability, the world's governments currently restrict the export of some IW related technologies, such as cryptographic systems and software, and limit the dissemination of IW related information. However, limiting the spread of capability will be very difficult, since computer and communication technologies have already spread throughout the world. Another important approach is therefore to take measures that prevent or limit the deployment and use of IW tools.

      National security strategy

      9. Any strategy to secure Indian cyberspace should have the following national priorities:-

      (a) Layered approach to Information Security.

      (b) Cyberspace Security Response System.

      (c) Cyberspace Security awareness and training program.

      (d) Legislative Support.

      10. Layered Approach to Information Security. There is a need not only to revamp physical security mechanisms but also to focus on electronic counter measures to ward off the looming threat of cyber terrorism. The complexity and potency of diverse threats mandate fail safe countermeasures that are well conceived and coordinated. Layered defence consists of a number of hardware and software technologies deployed in the following layers:-

      (a) Perimeter Security. The outermost layer caters for physical security and also safeguards against electronic attacks through surveillance and access control technologies.

      (b) The next layer has firewalls and other devices that act like gatekeepers, controlling the access to information networks.

      (c) The innermost layer directly protects the data or information itself by encrypting it.

      11. Cyberspace Security Response System. The Ministry of Communication and Information Technology has set up the Indian Computer Emergency Response Team (CERT-In) with the primary mission of enhancing the security of India's communications and information infrastructure through proactive action and effective collaboration. Its key function is to serve as a centre for incident reporting, analysis and incident response. It not only collaborates with international CERTs like APCERT, US-CERT, CERT/CC, AusCERT etc. but also cooperates with various vendors like Microsoft, CISCO, Red Hat, McAfee and Symantec. In addition, NASSCOM, in association with the Chandigarh administration, has developed a state-of-the-art Regional Cyber Security and Research Centre at Chandigarh. This centre is the first cyber security research centre in the country that will engage a multi disciplinary team of researchers and faculty to conduct specialist research in the areas of information and cyber security and performance optimisation in networking in a cost effective manner.

      12. Security Awareness and Training. Security of cyberspace cannot be solely a government responsibility and requires collaboration and cooperation of private sector and the people. At the level of an individual there is a need of creating awareness about the developing threats and the measures that can be taken to mitigate these threats. To create awareness and to enable users to implement best practices there is a need to organize workshops and training programmes for audiences such as financial and banking sector officers, system administrators, internet service providers etc. Organisations need to control their employees' access to information and this can be done only when information is clearly categorised or classified (as in the case of the military). Restricting access to the Internet and relying on isolated mainframe computers to store vital information resources are a few measures that should be incorporated in an organisation's Cyber Security policy. In the corporate sector, unfortunately, a majority of the security breaches go unreported, fearing loss of customer confidence. The practice of not reporting security breaches and cyber-crimes is a major hindrance to the progress of law enforcement agencies in combating cyber-crime. Presently, no reliable data is available on the nature and extent of security breaches. With the Ministry of IT and NASSCOM both establishing IT security centers, this information can be made available along with details on IT security trends and available technology. Lack of budgets, poor awareness and practically no training in Info security practices are the other equally vital areas where organisations need to invest, in terms of both money and manpower. Customised security solutions comprising smart cards, firewalls, intrusion detection devices, encryption algorithms and biometric systems (e.g. fingerprint and retina scan) are commercially available today, albeit at a cost. 
      Even the best of firewalls can be circumvented and encryption codes cracked by hackers, so technology by itself cannot provide the answer to a fool-proof security system. Security is based on three aspects: people, systems and procedures. As systems and procedures are developed by people, human resources are the key to cyber-security initiatives.

      Building a cyber army from volunteers cannot be a solution for national security, even if they are the elite of computer security experts. It is the same as if the best sportsmen or hunters were to build an army. They may run fast or excel in precision shooting, but they will not succeed in logistics and tactics. In order to train a cyber army, a structure needs to be created that will use its members efficiently, and procedures have to be created to help handle situations effectively. All this needs to be built before any training can begin. It is already clear that standard army field manuals cannot be used to help build the cyber troops, as here quality matters, not quantity. Tactics also have to be built from scratch in order to achieve the necessary objectives. The separation of offensive and defensive training is clearer and more distinct than in real combat training.

      14. Legislative Support. As we develop a national Internet backbone and a National Information Infrastructure, the protection of critical information infrastructure takes maximum priority. We need to identify the 'Minimum Critical Information Infrastructure' and secure it with the utmost resolve. A national strategy on Cyber Security should issue guidelines and determine mandatory practices for government, defence, industry and individuals. Organisations in turn should be accountable with well-defined security policies, catering to their current and future requirements. This can be enforced only through compulsory computer security audits as done in the case of financial audits. Cyber Security is an ongoing process and needs constant updating of policies of technology. Even the IT Act 2000 needs updating on various issues like digital signatures and Public Key Infrastructure (PKI) to enable e-commerce transactions on the net.

      The growing use of IT has posed certain challenges before the justice delivery system that have to be met keeping in mind the contemporary IT revolution. The challenges posed by IT are peculiar to contemporary society and so must be their solution. The traditional procedural mechanisms, including forensic science methods, are neither applicable nor appropriate for this situation and are inadequate. Thus, “cyber forensics” is the need of the hour. India is the 12th country in the world that has its own “Cyber law” (IT Act, 2000). However, most of the people of India, including lawyers, judges, professors, etc., are not aware of its existence and use. The law itself has some loopholes, and an amendment to introduce new offences like Cyber stalking, Privacy invasion, Identity theft and redefining of others is the need of the hour along with other amendments. The problem of cyber terrorism is multilateral, having varied facets and dimensions. Its solution requires rigorous application of energy and resources.
      It must be noted that law is always behind technology. This is so because we have a tendency to make laws when the problem reaches its zenith. We do not appreciate the need of the hour till the problem takes a precarious dimension. At that stage, it is always very difficult, if not impossible, to deal with that problem. This is more so in case of offences and violations involving information technology. One argument, which is always advanced to justify this stand of non-enactment, is that the measures suggested are not adequate to deal with the problem. However, it must be appreciated that ‘something is better than nothing'. The ultimate solution to any problem is not to enact a plethora of statutes but their rigorous and dedicated enforcement. The courts may apply the existing laws in a progressive, updating and purposive manner. It must be appreciated that it is not the ‘enactment' of a law but the desire, will and efforts to accept and enforce it in its true letter and spirit, which can confer the strongest, most secure and safest protection for any purpose. The enforcement of these rights requires a ‘qualitative effort' and not a ‘quantitative effort'.

      The critical areas in the Indian context should include:

      (a) Banking and finance (including NSE and BSE).

      (b) Energy (power, oil and natural gas).

      (c) Transportation (railways, National Highways Authority of India (NHAI), civil aviation and ports).

      (d) Defence.

      (e) Telecommunication and space (including telephone and media services).

      (f) Vital public conveniences (water supply, hospital and emergency services).

      Cyber Security Plan

      15. National Cyber Security Structure Plan. The national cyber security infrastructure could be headed by a ‘National Cyber Command'. This Command would supervise the following divisions, each of which would undertake programmes for education, product development, standardization and certification, regulatory measures etc.:-

      Security of Critical Infrastructure. This would cover the security requirements of select installations of national importance such as the nuclear power stations, rocket launching stations, armed forces installations, communication centres etc. This would be the equivalent of the Cyber Command which USA has envisaged and would mainly have military objectives.

      Security of Non Critical Government Infrastructure. All other government assets and infrastructure would come under this category. This could be handled by CERT-In.

      Security of Industry Infrastructure. The industry level information security managers could coordinate their efforts through a self regulating body such as the Confederation of Indian Industry (CII).

      Individual Security. This could be implemented by the joint initiatives of the Government and private sector security product companies.

      Cyber Crime Policing. An Indian Cyber Crime Police (ICCP) cadre could be created and all state Cyber Crime police stations and CBI cyber crime units be merged with this. The officials in this cadre could have a separate career plan and be professionally managed outside political control. India urgently needs a well-trained special police force to deal with cyber crimes and it must be equipped and trained to deal with all kinds of internet bugs, law minister Veerappa Moily said on Sunday. “India does not have a specific police force to deal with cyber crimes and implementation of laws against crimes in the virtual world. India needs it urgently following the footsteps of US and South Korea,” Moily said at an interactive seminar for judges, heads of police forces and prosecution of states here. He said there were many impediments that needed to be overcome soon. While a vast majority of the police force or prosecutors in the country had no experience of tackling cyber crime, judges too lacked experience in appreciating evidence in such cases. As cyber crime knows no geographical boundary, the absence of international cooperation between police forces adds to the woes of victims and lets the culprit go scot free, he said.

      Governments' Role in Combating Cyber Terrorism

      16. At National Level. Cyber terrorism is a fairly recent threat; therefore, there is still speculation as to who is ultimately responsible for combating cyber terrorism. However, the government's inability to deal with cyber terrorism is part of the problem. For every fifty complaints given to law enforcement by private corporations, only one was prosecuted. In an attempt to generate preparedness for cyber terrorism, the U.S. government has developed the National Strategy to Secure Cyberspace. The three objectives of the plan are to:-

      (a) Prevent cyber attacks against America's critical infrastructures,

      (b) Reduce national vulnerability to cyber attacks, and

      (c) Minimize damage and recovery time from cyber attacks that do occur.

      17. The strategy also sets out five priorities that are critical to defending against cyber terrorism. First, the plan calls for the development of a national cyberspace security response system. Second, the strategy calls for a national cyberspace security threat and vulnerability reduction program. Third, the plan calls for the development of a national cyberspace security awareness and training program. Fourth, the strategy seeks to secure all systems and networks used by the government. Finally, the plan calls for national and international cyberspace security cooperation.

      18. For the strategy to be effective, it requires active participation by all cyberspace users, including the average home user, small businesses, large corporations and enterprises, any and all critical infrastructures, and all government agencies. Because of the nature of the threat, and the nature of the strategy to defeat the threat, it appears that to have an effective defense against cyber terrorism, a combined effort between international, federal, state, and local law enforcement agencies will be necessary.

      19. At International Level. In the battle against cyber terrorism, Interpol has played a significant role on the international level. Interpol has 178 member countries, making it the second largest international organization, second only to the United Nations. Interpol serves as a link between law enforcement agencies of member countries. Interpol also sponsors working groups on many international criminal issues, such as computer crime, corruption, environmental crime, trafficking in women and children, and other issues. Furthermore, Interpol has a database containing over 300,000 criminal files.

      20. In order to combat cyber terrorism, Interpol is attempting to facilitate data sharing between member nations, conducting operational information analysis, sponsoring training in cyber terrorism issues, and providing intelligence to member nations.

      21. Another step being taken on the international level to combat cyber terrorism is the formulation of joint working groups. An example of this is the India - U.S. joint working group on counter terrorism. The working groups have been able to increase countries' exchange of information, strengthen investigative cooperation, facilitate the signing of mutual legal assistance treaties, and have accomplished several other significant anti terrorism agreements. The India - U.S. joint working group also introduced a bilateral cyber security forum, specifically focusing on cyber terrorism issues and information security.

      Two in Reserve Policy

      20. As a long-term strategy for countering Cyber-Terrorism, Bob Blazer of the Information Sciences Institute has proposed the ‘Two in Reserve' policy. This policy retains, in reserve, the two strongest defenses developed in each security area, to be deployed only in a cyber-emergency to counter an otherwise unstoppable attack. The rationale behind this policy is based on the theory of genetic mutation wherein the deployment of a defense induces emergence of probes and attacks which are resistant to the deployed defense.

      21. By holding defenses in reserve, the defenders get to choose when to deploy them and maximize their effectiveness at that chosen time. During a cyber emergency, the ability to halt the attack thrust and buy time represents a major strategic advantage.

      Traditional Defense against the New Terrorism

      22. Crenshaw feels that defense against terrorism where a computer or the Internet plays an important part in the terrorism matrix is very similar to defending against terrorism that does not. The regular practices (deterrence, law, defense, negotiations, diplomacy, etc.) are still effective, except that the scope of certain elements is expanded. For example, traditional strikes against military bases, targeting of key leaders, and collective punishment have been effective in traditional terrorism and certainly have potential for dealing with some aspects of cyber terrorism. These techniques are often presented, and can be updated to include their ‘virtual' counterparts.

      23. A forward-looking approach to terrorism that involves computers is therefore highly contextual in its basis. Traditional anti-terrorism defenses must be deployed, taking into account the virtual factors.

      Policy of Cooperation amongst the Sovereign Organs of Constitution

      24. Praveen Dalal opines that the menace of cyber terrorism can be effectively curbed, if not completely eliminated, if the three sovereign organs of the Constitution work collectively and in harmony with each other. Further, a vigilant citizenry can supplement the commitment of elimination of cyber terrorism.

      (a) Legislative Commitment. The legislature can enact appropriate statutes dealing with cyber terrorism. Appropriate amendments have been made in the I.P.C, 1860, the Indian Evidence Act, 1872 and the Reserve Bank of India Act, 1934 to give effect to the provisions of Information Technology Act, 2000. On the same lines, a new chapter dealing with “Cyber terrorism” can be added to the already existing criminal statutes to make them compatible with modern forms of terrorism.

      (b) Executive's Concern. The Central Government and the State Governments can play their role effectively by making various rules and regulations dealing with cyber terrorism and its facets from time to time. CERT-In has to instruct the Department of Telecommunications to block the web sites after verifying the authenticity of the complaint and satisfying itself that blocking the website is absolutely essential.

      There is no explicit provision in the IT Act, 2000 for blocking of websites. In fact, blocking is considered to be censorship; hence it can be challenged if it restricts the freedom of speech and expression. But websites promoting hate, contempt, promoting racism, violence and terrorism etc. can be reasonably blocked since they cannot claim the Fundamental Right of free speech and expression.

      (c) Judicial Response. The judiciary can play its role by adopting a stringent approach towards the menace of cyber terrorism. Since the Internet is a cooperative venture not owned by a single entity or government, there are no centralized rules or laws governing its use. The absence of geographical boundaries may give rise to a situation where an act that is legal in the country where it is done may violate the laws of another country. This process is further complicated by the absence of a uniform and harmonised law governing the jurisdictional aspects of disputes arising from the use of the Internet. However, a country may claim jurisdiction when an activity takes place within the country; when an activity takes place outside a nation's borders but the ‘primary effect' of the action is within the nation's borders; when either the actor or the victim is its own citizen; or to protect the nation's sovereignty when faced with serious threats.

      The Five Point Strategy

      25. John Arquilla and David Ronfeldt have suggested the following five-point strategy to deal with cyber-terrorism:-

      (a) A ‘decentralized, transnational network' that communicates in real time. The quality and quantity of intelligence can be enhanced by cultivating an open source model—by including non-government organizations like Amnesty International and NGO's into the network.

      (b) Controlling the battle of the story by focusing on a war between an emerging global civilization and religious fanaticism. The best way is to expose such terrorists for what they truly are.

      (c) Real time information transfer by updated battlefield intelligence practices and interconnected battle-field sensors.

      (d) Low cost, net-based intelligence tools to take on the network. Satellites may be able to look down on specific building or tents but cannot reveal who is within them.

      (e) Attacking the core of a widely dispersed, multi-level network. Battling anyone in the world who shares the terrorist's mindset and modus operandi calls for eventually taking every node in the terrorist network.

      Best Practices

      26. Most problems of system security can be parsed into user sloppiness, system sloppiness, and poor software. User sloppiness includes poorly chosen passwords, or passwords left in public places. System sloppiness, likewise, includes a security regime that lets users choose their own passwords, that does not remove default passwords or backdoors, or that fails to install security patches. Poor software includes bugs that override security controls or which permit errant users to crash the system, or in general anything that makes security unnecessarily difficult or discretionary.

      27. One source of best practices for security to prevent cyber terrorism and cyber crime attacks is the Computer Emergency Response Team (CERT). CERT's practices are divided into five areas:

            1. Harden and secure your systems by establishing secure configurations
            2. Prepare for intrusions by getting ready for detection and response
            3. Detect intrusions quickly
            4. Respond to intrusions to minimize damage
            5. Improve your security to help protect against future attacks

      28. The root technologies required to be developed are:-

      (a) Secure encryption/decryption system

      (b) Identification, authentication and access control

      (c) Firewalls

      (d) Computer virus countermeasures

      (e) Hacking and phreaking

      (f) Network protection

      (g) Disaster management

      (h) Design of secure sites

      Recommendations

      22. Governments and businesses must address risk assessment, security design and implementation, security management, and reassessment of information systems and networks. In our country, we are conscious of the great threat that cyber terrorism holds out. Consequently, we are working towards mitigating the threat. Some of the measures we could take are enumerated in the succeeding paragraphs.

      23. Risk Management. The traditional approach to security relies heavily on products and services to prevent intrusions. However, in the current context, nothing is impregnable. Absolute defense against attacks has rarely been achieved. Each defensive measure generates a counter measure by an attacker, driving the defender to adopt ever stronger measures. Effective risk management involves more than just deploying the latest security product and hoping for the best. A more complete approach involves a process oriented, standard based methodology which defines risk management into four discrete components - risk assessment, development of counter measure plans, execution of counter measures and testing the measures implemented. The response to any threat must be more positive and active rather than passive.

      24. Regular Threat Analysis. The Internet being an extremely widespread medium makes it extremely difficult to block its usage for malicious purposes. Cyber space is full of possible ways to bypass any blocks that may be created by nation states. The Great Wall of China in the cyber space has not really been effective against people who know how to get out of it. Consequently, we need to carry out a regular threat analysis to identify physical, electronic and procedural shortcomings in our organizations. It is extremely important to carry out a Threat Analysis of Critical National Assets and Services in the cyber space, e.g. online transactions, the share market etc. It will result in identifying resources that need extra protection and monitoring for their safety.

      25. Vulnerability Audit. We need to identify assets, the loss/ disruption/misuse of which might cause serious damage to our country or its economy etc. We would therefore need to identify critical national resources which use the Cyber Space for transactions.

      26. Deny the Medium. With cyberspace being used by terrorists to communicate and coordinate their activities, denying them this medium is of course an important issue. However, there are a large number of factors that impede nations in undertaking stern steps, since these steps could easily violate individual privacy and adversely affect the performance of knowledge based industries. A balance must be struck.

      27. Cooperation between Intelligence and Cyber Policing Agencies. Planning of terror strikes could take place in chat rooms, through e-mail, through Voice over Internet, blogs etc. That makes our task of balancing denial of usage vis-à-vis policing extremely difficult. There is a need for cooperation between various intelligence agencies in conjunction with our cyber policing organisations so that hard intelligence coupled with cyber monitoring mechanisms could allow us to track criminals and terrorists. We should incorporate the capabilities to handle multiple protocols, crypto algorithms, code breaking etc. into our monitoring agencies.

      28. Overcome Misinformation. A lot of terrorist recruitment is done at the ground level where the recruiters are in contact with their potential clients. However, today, it is potentially very easy for recruiters to brainwash, misguide and attract youth using the internet.

      29. Create a Culture of Cyber Security Awareness. Priority attention has to be paid to educating the masses on the need for cyber security at both the physical hardware and the software levels. The usage of original software, anti virus programmes and firewalls cannot be overemphasized. The Union Home Minister, Mr. Shivraj Patil, called for priority attention by lawmakers and law enforcement agencies alike.

      30. Mitigating Bots, Botnets and Distributed Denial of Service Attacks. Bots are zombie programs that are clandestinely installed on the computers of unsuspecting users. They are malware and can typically flood servers or services on the Internet with noisy traffic. A single bot may not be able to effectively disable any service or server on the Internet, especially those hosted with ISPs; however, if hackers own hundreds of thousands of computers, together they can bring down an entire nation, as in Estonia. This is an extremely important issue because even huge ISPs with large amounts of bandwidth on the Internet can be slowed to a crawl by such attacks. There are technical methods of mitigating risks arising out of such attacks, and such initiatives need to be taken at the national level with ISPs.

      31. Monitoring of Data. It is impossible to monitor every byte transacted on the Internet because the volumes are too huge. With currently available technologies, it is not possible to determine the exact location from where a message has been initiated. Thus, there is no way that a message can be traced to its originator and the authenticity verified. However, we could monitor data on a selective basis.

      32. Risk Mitigation Plan / Disaster Recovery Plan (DRP). We should have a DRP in place at the National level so as to ensure that we have a contingency plan ready in case of a terrorist strike on critical national infrastructures. We should also test this on a periodic basis.

      1. Cyber Laws. Communications between terrorists would usually take place through standard mail portals, chat rooms etc. Laws need to be put in place to harness the service providers for information sharing on personnel with suspect credentials. This should be duly amalgamated with international understanding and cooperation to enable fighting the scourge of cyber terrorism jointly. Mr R. Ramamurthy, chairman of the Cyber Society of India, emphasized the need for new laws to tackle IT related crimes since the IT Act lacked teeth to tackle cyber crimes because of many sections being vague and open to varied interpretations. The strength of the Cyber Law of any country depends upon its ‘effectiveness' as well as its ‘enforcement'. Since the Cyber Law in India is weak and ineffective, the country is vulnerable to various cyber crimes and contraventions. Indian Cyber Law lacks innovativeness and a futuristic vision. The Cyber Law in India is a ‘Statute in form but a formality in substance'. The Standing Committee on Information Technology has blamed the Government for not taking the Cyber law of India seriously. India definitely cannot remain ignorant of the need for a strong Cyber Law and effective Cyber Security measures.

      33. Building up Cyber Forensic Capability. We need to build up Network Cyber Forensic capability for tracing back messages, attacks and other malicious activities. Further, we should enact IT Laws that support state sponsored Cyber Forensics for the purposes of tracking down terrorists and allow its findings as legal exhibits in a court of law. Also, we need to enhance our expertise in PC based forensics for enabling data recovery so as to extract intelligence from material captured from terrorists.

      34. Building up Cryptographic Analysis Capability. Crypto analysis capability needs to be built up so that we are able to crack encrypted traffic and break passwords. Government sponsored initiatives for the long term are required in this area, perhaps at avenues such as the DRDO.

      35. Best Practices and Cyber Audits. We need to build up procedures in our government, industry, BPO's etc, which are commensurate with internationally certified best practices. Presence in the cyber realm should only be permitted after audit of strict compliance to security norms. Besides, certified companies need to periodically audit websites and services.

      36. International Cooperation. The proposed initiatives with other countries could include the following: -

      (a) Sharing of information on terrorists and their cyber habits.

      (b) Sharing of forensic software.

      (c) Sharing computing power, crypto analysis capabilities for breaking codes and passwords to access terror resources.

      (d) Building up of trusted computing framework and platforms for critical services on the Internet.

      (e) Handshake on IT Laws that deal specifically with handling terrorists.

      (f) Building techniques that detect use of Steganography for passing of messages.

      37. Reduction of Vulnerabilities in Software. The quality of software must be increased in order to significantly reduce the number of vulnerabilities that are exploited by cyber-criminals and cyber-terrorists.

      2. Cooperation Between Private Industry and the Government for Cyber Security. Cyber Security is witnessing many important phases and trends. No country of the world is safe from various cyber crimes and contraventions and all are struggling hard to tackle them. But the fact remains that law and its enforcement are lagging far behind the standards and practices needed to effectively curb them. We need both governmental as well as private initiative in this regard.

      3. Global Cooperation for Effective Counter Measures. With the seismic changes being brought about technologically almost on a daily basis, it is difficult to foresee in the distant future what steps are to be taken to lessen the dangers of cyber terrorism or criminal attacks on computer-based systems. It does appear that, contrary to some observers, the threat of significant harm to the populace is real and that there is increasing need for a global united effort to cooperate and share intelligence, stay current with the latest technologies and vulnerabilities, and to enlist the aid of experts to combat the efforts of unscrupulous persons seeking to undermine and harm societies for their political, economic, and/or religious gains.

      Cyber Forensics
      The concepts of cyber security and cyber forensics are not only interrelated but also indispensably required for the success of each other. The former secures the ICT and e-governance base whereas the latter indicates the loopholes and limitations of the adopted measures to secure the base. The latter also becomes essential to punish the deviants so that a deterrent example can be set. There is, however, a problem regarding acquiring expertise in the latter aspect. Further, one can understand the difficulty involved in the prosecution and presentation of a case before a court of law because it is very difficult to explain the evidence acquired to a not so techno savvy judge. Cyber forensics has given new dimensions to the criminal laws, especially the evidence law. Electronic evidence and its collection and presentation have posed a challenge to the investigation agencies, prosecution agencies and judiciary. The significance of cyber forensics emanates from this interface of the justice delivery system with Information Technology. The growing use of IT has posed certain challenges before the justice delivery system that have to be met keeping in mind the contemporary IT revolution. The use of the Internet has changed the entire platform of crime, criminals and their prosecution. The Internet is boundaryless and that makes investigation and punishment very difficult. These objects of criminal law will remain a distant reality till we have cyber forensics to tackle them. (Cybersecurity in India: An Ignored World, Date: February 07, 2007, Source: Computer Crime Research Center, By: Praveen Dalal)

      CHAPTER VI

      CONCLUSION

      1. Cyber terrorism is a commonly heard expression which generally applies to terrorists' use of the Internet or to computer attacks against critical infrastructures. The reliance of society on technology has made information terrorism an attractive proposition due to its low-cost operations when compared to the cost of traditional terrorist methods of ammunition, international travel and training, its non-specific location and the opportunity to attack anonymously. Traditional terrorist tactics have failed to fetch lucrative results, therefore the new breed of terrorists have started looking at the phenomenal advantage of resorting to acts of cyber terrorism, which is emerging as an effective low-cost option.

      2. Cyber terrorism is the ability to unleash horror and devastation with a few well aimed strokes on a computer keyboard. It might mean hacking into a computer network that controls a major city's electric power supply, water storage sources, telecommunications or financial network. Computer based attacks may be much easier to carry out than a traditional terrorist attack because they can take place with the perpetrators being many thousands of miles away from the target. Cyber terrorism has thus emerged as another dimension of asymmetric warfare between a nation and terrorists.

      3. The Internet offers a wide range of possibilities for terrorists and terrorist organizations. This includes attacks that can be digitally launched and which can affect data, property or human lives. Other important aspects are the spreading of terrorist-related content and communication among terrorists. The legal framework that is available to the international community must address new possibilities for terrorists and at the same time respect the liberties of legitimate users. Strict legislation, sound policy and training and a judicious mix of technology solutions offer the most credible solution to the cyber security dilemma. And this can prove successful only if strongly implemented and constantly updated. The complex nature of the problem also requires being open to innovative solutions. In the dynamic world of IT where obsolescence is high and time a premium, we need to collate our strengths and act fast in our endeavour to ensure that cyber security prevails.

      4. We need to understand that the Internet is too entwined with our daily lives and we cannot try to block or control its usage. It is also quite impossible to prevent the bad guys from being able to use the net as a communication medium. But what can be done is the monitoring of specific targets through amalgamation of hard intelligence and sharing of information so as to obtain actionable intelligence for prosecuting them. It is important for us to build up good cyber defences with excellent logging so that forensics is enabled and acts as a force multiplier in getting intelligence.

      5. Cyber Security of India is an essential part of National ICT Policy and Strategy of India. Cyber security is a big challenge for India. The government of India should bring suitable changes pertaining to cyber law, cyber security and cyber forensics. The government of India has recently come up with the proposed Information Technology Amendment Bill, 2008 that was passed by both houses of parliament without even a discussion or debate. The government should seek the expert advice and suggestions of cyber law experts like Mr. Praveen Dalal before finally coming out with the act. An interesting development that has taken place after the proposed IT Amendment Bill, 2008 is that ASSOCHAM and some other cyber law observers have endorsed and accepted the views and stand of Perry4Law and Mr. Praveen Dalal. They are also insisting upon including provisions for a strong cyber law and effective cyber security in the ultimate IT Act, 2000. It is good to see that even the Indian Judiciary and Supreme Court of India have now endorsed the opinion and views of Mr. Praveen Dalal.

      4. India must appreciate that for a safe and secure cyberspace, we need a good legal framework. The present IT Act, 2000 is a piecemeal legislation that is weak on the fronts of cyber law, cyber security, cyber forensics, etc. In the absence of a sound legal framework for the ICT systems in India, other e-governance projects of government are also in a poor state. As each component of e-governance is related to some other one, a deficiency in the basic legal and technological framework would bring sad results for India. India is on the verge of a technology revolution and the driving force behind the same is the acceptance and adoption of Information and Communication Technology (ICT) and its benefits. This technology revolution may, however, fail to bring the desired and much needed result if we do not adopt a sound and country oriented e-governance policy. A sound e-governance policy presupposes the existence of a sound and secure e-governance base as well. The security and safety of various ICT platforms and projects in India must be considered on a priority basis before any e-governance base is made fully functional. This presupposes the adoption and use of security measures, more particularly empowering judiciary and law enforcement manpower with the knowledge and use of cyber forensics and digital evidencing. Information technology is a double-edged sword, which can be used for destructive as well as constructive work. Thus, the fate of many ventures depends upon the benign or vice intentions, as the case may be, of the person dealing with and using the technology. For instance, a malicious intention forwarded in the form of hacking, data theft, virus attack, etc. can bring only destructive results unless and until these methods have been used for checking the authenticity, safety and security of the technological device which has been primarily relied upon and trusted for providing the security to a particular organisation.
      For instance, the creator of the “Sasser worm” has been hired as a “security software programmer” by a German firm, so that he can make firewalls, which will stop suspected files from entering computer systems. Thus, these methods may also be used for checking the authenticity, safety and security of one's technological device, which has been primarily relied upon and trusted for providing the security to a particular organisation. In fact, a society without protection in the form of “self help” cannot be visualised in the present electronic era. Thus, we must concentrate upon securing our ICT and e-governance bases before we start encashing their benefits. The same can be effectively achieved if we give due importance to this fact while discussing, drafting and adopting policy decisions pertaining to ICT in general and e-governance in particular. The same is also important for an effective e-commerce base, and an insecure and unsafe ICT base can be the biggest discouraging factor for a flourishing e-commerce business. The factors relevant for this situation are too numerous to be discussed in a single work. Thus, it would be better if we concentrate on each factor in a separate but coherent and holistic manner. The need of the hour is to set priority for a secure and safe electronic environment so that its benefits can be reaped to the maximum possible extent.
      The growing use of ICT for administration of all the spheres of our daily life cannot be ignored. Further, we also cannot ignore the need to secure the ICT infrastructures used for meeting these social functions. The threat from “malware” is not only apparent but also very worrisome. There cannot be a single solution to counter such threats. We need a techno-legal “harmonised law”. Neither pure law nor pure technology will be of any use. Firstly, a good combination of law and technology must be established and then an effort must be made to harmonise the laws of various countries keeping in mind common security standards. In the era of e-governance and e-commerce a lack of common security standards can create havoc for the global trade in goods and services. The tool of Cyber Forensics, which is not only preventive but also curative, can help a lot in establishing a much needed judicial administration system and security base. We need to address issues such as mutual legal assistance treaties, extradition, sharing of intelligence and the need for uniform computer crime laws so that cyber criminals can be successfully investigated and prosecuted even when their crimes cross international borders, as they so often do. This effort should not be focused on either cyber-terrorism or hacktivism, but should address an array of actions that includes all forms of hacking and computer network attacks, computer and telecommunications fraud, child pornography on the net and electronic piracy. It should also cover state-sponsored cyber-warfare operations that use hacking and computer network attacks as military weapons.