India does not have a data protection law and data security is thought more of as a regulatory system. Our communication satellites are very vulnerable and can be zapped out by the enemy. There is a cost-benefit analysis to cybercrime.
Bold statements like these made me sit up and pay close attention during the presentation by Dr. N.L Mitra, Senior Partner-Fox Mandal and Ex-Director, National Law School of India University, Bangalore.
And what should our country do about all this?
Statement #1: India does not have a data protection law.
Well, the US has 2 data protection laws and the UK has two Evidence Acts; India has one.
Action: We must take proactive steps to secure our own data. Being reactive will not help. Progressive thinking in this direction is required.
Statement #2: Communication satellites can be shot down.
Action: We need to stop worrying about it and start preparing for an incident like this. How do we protect our critical communications infrastructure? How do we respond to an attack?
This invoked a thought: Remember the ambitious “Star Wars” defense plan proposed by the Ronald Reagan government in 1983? It was officially labelled Strategic Defense Initiative (SDI) and it was a plan to blast nuclear tipped enemy missiles before they hit their intended ground-based or space lodged US targets. Can India create a missile shield to protect its space-based assets?
Statement #3: There is a cost-benefit analysis to cyber crime.
It’s a known fact that most people in India can get away with cyber crime and it is not easy to track down criminals. Even if they are caught, it would take at least 7 years to penalize someone, thanks to our sluggish legal system and courts.
Action: An independent regulatory authority is required for . cyber crimes.
I’d like to add: It should be an autonomous body and there should be no interference from other national investigation agencies.
Here’s what Dr. Mitra recommended.
- There is a need to develop a best practice code.
- Need for business or industrial ethics.
- More data certification officers are needed.
- Private industry must engage with government.
- NASSCOM needs to establish a research centre for Data Security.