Cyber Law Notes

Security and Cyber Laws: Course Overview

  • Course focuses on Cyber security and laws.
  • Learners will be able to:
    • Explain security issues/breaches in cyberspace.
    • Describe Cryptography Mechanisms.
    • Discuss data security and management.
    • Explain security policy and audit.
    • Discuss cybercrimes, including intellectual property issues.
    • Analyze cyber law needs in India and selected countries.
  • Course Structure:
    • Block 1: Cyber Security Issues (3 Units)
      • Unit 1: Cyber security issues and challenges
      • Unit 2: Cryptography Mechanisms
      • Unit 3: Data security and managed in Cyber space
    • Block 2: Cyber Laws (3 Units)
      • Unit 4: Cyber space Regulations
      • Unit 5: Cyber crime and legal framework in India
      • Unit 6: Intellectual property Rights issues

Course Expert Committee

  • List of experts from various institutions involved in course development.

Course Preparation Team

  • Details of unit writers, language & format editors, and content editors for Block-1 and Block-2.

Cyber Security Issues and Challenges

Introduction

  • Information Technology: A dual-edged sword.
    • Benefits: telecommunications, governance, public health, education, research, finance, etc.
    • Risks: disruptive purposes.
  • Cyber security: Protection against disruptive use of information technology.
    • Includes technologies, processes, practices to protect computers, networks, and systems from cyber-attacks.
  • Laws penalizing threats to cyber security include:
    • Compensation
    • Imprisonment
    • Forfeiture
    • Fine
  • Primary legislation: Information Technology Act 2000 and allied rules/regulations.
    • Defines and prescribes punishment for cyber security threats.
    • Provides long arm jurisdiction: Indian courts have jurisdiction over cyber offences perpetrators in India and foreign countries.
    • Defines cyber security under Section 2(nb): protection of information, devices, equipment, computers, computer resources, communication devices, and stored information from unauthorized access, disclosure, disruption, modification, and destruction. (IT act, sec2, https://www.indiacode.nic.in/)
  • Countries are increasing cyber security awareness to curb exploitation and protect data.

Objectives

  • Explain the meaning and need of cyber security.
  • Explain the pros and cons of digital security
  • Discuss ways in which cyberspace security is breached
  • Explain technologies which can play significant roles in providing cyber security
  • Explain laws which aim at protecting cyberspace and prescribe penalty or punishment for those who pose threat to cyber security

Digital Security: Pros & Cons

  • Digital security: Protection of online identity and data assets.
    • Uses tools like software, web services, biometrics, firewalls, proxies, vulnerability scanners, and encryption tools.
    • Provides protection against cyber-attacks, unauthorized access, online malicious activities, etc.
  • Three pillars of digital security (Mark Burnette, 2020, p.1):
    • Confidentiality: Private information should be shared with the least amount of people to keep it more secure
    • Integrity: Information should not be modified or corrupted
    • Availability: Information should work effectively and efficiently at all times.
  • OECD Recommendation (2015) and its companion document, guidance for cyber security aspects, guidance for all stakeholders.
    • The Organization for Economic Cooperation and Development (OECD) facilitates information and data to eradicate poverty and inequality.
    • The OECD Working Party on Security and Privacy in the Digital Economy (SPDE): develops public policy analysis and recommendations to ensure digital security and privacy protection foster digital economy development. (OECD, 2015, p1)

Digital Security: Pros

  • Helps protect personal information stored in devices.
  • Blocks suspicious/unauthorized access, preventing harm.
  • Biometric security provides a higher degree of protection against attacks.
  • Enables fearless online communication, transactions, and work.
  • Protects computers from crashing or slowing down, securing business, transactions, and communication.
  • May help foster the state's economy by cutting down on many costs.

Digital Security: Cons

  • Availing digital security services or procuring digital security tools can be costly.
  • Web services or tools may or may not be compatible with the device of the user.
  • Digital security services or tools may be difficult to configure and needs to be updated regularly.
  • Services or tools may slow down device functioning or intervene in normal program functioning.

Security Issues /Breaches in Cyberspace

  • "Cyber Space": A virtual space or electronic medium facilitating exchange of ideas electronically.
  • Crimes in cyber space are termed "cybercrimes".
  • A ‘cyber incident' (CERT Rules, Section 2(e)):
    • Any real or suspected adverse event causing offense, harm to public/private sector functions by impairing the confidentiality, integrity, or availability of electronic information, systems, services or networks resulting in unauthorised access, denial of service or disruption, unauthorised use of a computer resource, changes to data or information without authorisation; or threatens public health or safety, undermines public confidence, have a negative effect on the national economy, or diminishes the security posture of the nation". (Ministry of Electronics and Information Technology Notification, 2018, p6)
  • Threats evolve over time; difficult to cover all, but common issues include:
    1. Unauthorized access:
      • Accessing a computer, network, system, or device without permission.
      • Examples: spying, password guessing, physical theft of storage devices.
    2. Distributed Denial of Service (DDoS) attack:
      • Adversely affects website functioning by overwhelming it with requests.
      • Example: botnet sending huge data to a bank's website, slowing it down.
    3. Malwares:
      • Software designed to harm networks or devices.
      • Includes Botnets, Ransomwares, Trojan, Virus, Worms, Spywares, etc.
      • Botnets: devices infected with malware controlled to carry out cyber-attacks.
      • Ransomwares: encrypt files, data and demand ransom to decrypt or permit access.
      • Trojan: malicious software which looks legitimate but is intended to steal, harm, damage device of victim.
      • Virus: program affects functioning, self replicates and spreads across networks/devices.
      • Spywares: software installed to secretly spy and gather information of victims.
      • Example: ILOVEYOU malware spread in 2000, prompted downloading of ‘LOVE-LETTER-FOR-YOU.TXT.vbs’ attachment which overwrote user files and system files of those who ended up downloading them
    4. Social Engineering attacks:
      • Psychological manipulation of victims to reveal sensitive information.
      • Victims tricked to click malicious links or respond to fraudulent emails.
    5. Phishing:
      • Deceiving victims to reveal sensitive information like username, passwords, credit/debit card details by disguising oneself as a trustworthy entity.
      • Inspired from