India is treading on the digital highway and very soon most of the
public services would be delivered through the use of information and
communication technologies (ICT). This is clear from the enthusiastic
implementation of the Digital India project, which needs some fine
tuning to get the best results. Nevertheless, there is no escape
from the reality that Digital India would be the face of the Indian
economy and culture very soon.
With this increased and omnipresent digital culture, cyber crimes
and cyber security breaches would be the norm in the future. This is
the reason why the Delhi Police has decided to launch a mobile
application that would help in the filing of online FIRs for economic
frauds and cyber crimes. Now the Reserve Bank of India (RBI) has also
shown its commitment to fight against cyber crimes and financial
frauds by declaring that an information technology driven subsidiary
would be established by it to deal with cyber nuisances. This IT
subsidiary of RBI would also deal with cyber security and related
issues with a special focus upon banking related technology issues.
The IT subsidiary of RBI would also evaluate the technical
capabilities of banks, which is almost missing as on date.
We at Perry4Law Organisation (P4LO) welcome this move of RBI and
extend our full techno legal support and expertise in this regard. As
per the cyber security trends of India 2015 by P4LO, cyber security
related issues must be taken care of by various stakeholders including
banks in India. Although RBI has announced many effective cyber
security related initiatives for banks in India, cyber security for
banks in India is still not in good shape. Some of the initiatives
already undertaken by RBI in this direction include formulation and
implementation of Internet banking guidelines, formation of an RBI
Working Group on Information Security, Electronic Banking, Technology
Risk Management and Cyber Frauds, RBI Recommendation on Information
Security and its implementation in India, etc.
RBI has also prescribed establishment of Steering Committees on
Information Security by Banks in India and appointment of Chief
Information Officers (CIOs) for all banks in India. However, banks in
India have failed to comply with the directions of RBI so far. As on
date there is neither a legal framework nor any compulsion to ensure
cyber security of banks in India. This gives little incentive to the
banks to ensure cyber security of the online banking system of India.
On top of it, banks in India are not following cyber security due
diligence and cyber law due diligence despite RBI’s directions.
If we take the example of western countries, sophisticated malware
is targeting banks of these countries. These countries rely heavily
upon ICT for their functioning and this makes them vulnerable
to cyber crimes and cyber attacks. India has not faced this heat so
far because till now India has not adopted technology to that extent.
However, after the adoption of Digital India, cyber security and
cyber crimes investigation would become major issues for not only the
law enforcement agencies but also banks of India. RBI seems to be
aware of this reality and has taken a good step by deciding to
establish an IT subsidiary that would take care of all these issues.
However, we at P4LO believe that this IT subsidiary of RBI should not
be a mere paper tiger but must actually work towards establishing a
robust and resilient cyber security environment for banks of India.
Sophisticated botnets and malware like Dump Memory Grabber have been
targeting Indian banks and POS terminals. Similarly, the Gameover
Zeus or GOZ botnet is also capable of stealing sensitive banking
and financial information and details. Recently, the US Justice
Department even charged a Russian national for creation of the
Gameover Zeus (GOZ) botnet.
In these circumstances we must consider the proposal of India to
adopt and use mobile banking, Internet banking and other online
banking and financial transaction methods. So far India and RBI have
not considered the issues of mobile banking cyber security, Internet
banking cyber security, legal aspects of Internet banking, cyber
security of e-governance services, etc. In these circumstances,
Indian online banking transactions are vulnerable to cyber attacks.
The cyber security for banking and financial sectors of India must
be ensured as soon as possible. The online payment market of India and
e-commerce and online business legal compliances have further
increased the requirements of banking cyber security in India.
Similarly, cyber due diligence for PayPal and online payment
transferors of India must also be ensured by these stakeholders.
These are some of the suggestions that P4LO has shared with the Indian
Government and RBI through this platform. More detailed suggestions
would also be shared by P4LO at an appropriate stage and platform.
Source: Global Techno Legal News And Views.