A centralised database of cyber criminals should be maintained to keep a check and discourage cyber criminals from engaging in spurious activities in cyberspace, according to a recent ASSOCHAM– Mahindra EY joint study.
There is a need to establish a centralised repository for cyber security standards, best practices and guidelines, which can be used by law enforcement agency for preventing and investigating cyber crime, noted the conducted by The Associated Chambers of Commerce and Industry of India (ASSOCHAM) jointly with EY.
A dedicated national governing unit may be established in India, which will be the central agency for all state government cyber crime agencies to coordinate, integrate and share information related to cyber crime. Such a central agency will be responsible for driving all the cyber crime prevention initiatives, such as collaboration with private sectors, and training and awareness across the country.
The Government should provide well defined citizen awareness programs aimed at preventing cyber crime as a proactive mitigation. This has to be achieved through multiple media, such as print, radio and web to ensure faster and maximum reach ability with local and national languages. Cyber crime awareness shall be introduced in academics in the early stages of education as a mandate for all the state and central, and public and private schools, adds the study.
Releasing the joint study, Mr. D S Rawat, Secretary General ASSOCHAM said, Mechanisms shall be established for independent monitoring of awareness program at regular intervals to evaluate the number of people/regions covered. Awareness material shall be updated regularly to cover up-to-date information.
In order to increase the rate of reporting cyber crime, it is important to have provisions for online reporting of the crime. Using this system, an online cyber crime complaint can be made by the victims of cyber crime. They will gain access to a convenient and easy-to-use reporting mechanism that alerts law enforcement authorities of suspected criminal or civil violations. Also, it will provide a central repository for reference to law enforcement and regulatory agencies at the national, state and local level.
A centralised database of cyber criminals should be maintained so that the criminals released from jails may be monitored. Such checks will discourage cyber criminals from engaging in spurious activities in cyberspace. Many countries, such as the USA and Australia have maintained a central repository of cyber criminals, noted the joint study.
It will be beneficial to have collaborations with International Cyber Security Protection Alliance, such as the Australian Cyber Security Centre (ACSC), National Crime Agency’s National Cyber Crime Unit (NCCU) and the UK’s CEOP. This will help in not only adopting the best practices by other countries for prevention of cyber crime, but also in increasing the capability, knowledge, training, skills, capacity and expertise of cyber security task forces. Additionally, it will help to reduce the harm caused to businesses, customers and citizens due to international cyber attacks.
India should be actively engaged as part of the international cyber crime associations centred on Asia/ Europe and America to seek help and contribute for international cyber crime issues, said Mr. Rawat.
Skilled law enforcement personnel are the need of the hour, considering the highly technical and advanced nature of cyber crime being reported. To gear up to speed in containing and preventing cyber crime, there is a need to engage more cyber crime investigation professionals such personnel may be deployed at state level with access to dedicated laboratories for analysis at each state. Such teams also need to be part of the police team investigating cyber crimes. There should be a special recruitment for personnel to man cyber cells at every police station.
There is a need to increase the number of cyber crime cells and laboratories in the states and provide requisite manpower, training and infrastructure to them. Initiatives to setup the cyber crime cells and laboratories in states where these do not exist, and also upgrade and strengthen the existing cyber crime cells is required to cope up with the rapid cyber crimes.
In addition to the existing mechanisms, a strategy needs to be documented, which states the vision, objective and approach for cyber crime prevention in India. A definite cyber crime prevention program may originate as a specific recommendation of such a document.
The strategy and execution of cyber security needs to be developed with clear vision for addressing challenges related with cyber crime in the short term and mid-term with possible review mechanism to a long-term approach in this domain. The global practices from mature law enforcement organisations, such as the Federal Bureau of Investigation (FBI) and Interpol need to be leveraged and adopted as per their feasibility as part of the Indian cyber crime strategy.
Cyber crime, it is imperative that efforts and resources are dedicated to operationalize a nation’s cyber security strategy. If such initiatives are driven from the highest level of the government, it ensures that all stakeholders are interested and engaged in contributing to the success of any initiatives or programs. Such commitment, though it is an important enabler, is not sufficient to guarantee the success of any initiative or program. Monitoring and review mechanisms are essential to analyse and assess progress as well as consider measures for re-calibration and course correction as may be required.
It is important to define milestones and operationalize the strategy as per the desired impact of initiatives, which are being undertaken. A sample road map basis impact of initiatives is presented below. While several initiatives may commence in parallel, the graph presents a view of their impact on the overall ecosystem for combating cyber crime.
Spread awareness on cyber crime prevention since the cyber criminals are constantly inventing new ways to attack and are in search of potential victims. In fact, some of the most recent attacks on critical infrastructure of a few countries were perpetuated and successfully executed due to the low awareness level of most users, through phishing and social engineering methods.