In the wake of the WhatsApp breach, there has been talk once again on the issue of cyber security. Come 2020, there would be a tremendous enhancement over the National Cyber Security Policy of 2013.

The Cyber Security Strategy Policy would be released in January. This would be a major step forward in securing our cyber space and also realising the $5 trillion economy. While it would be a great leap forward, there would be several challenges as well.

MyNation caught up with Pavan Duggal, one of the nation’s top cyber law experts, to discuss this issue. He says that the policy of 2020 would be a major enhancement over the National Cyber Security Policy of 2013. When we come up with a strategy as a nation, we must also be mindful of certain key parameters.

Cyber security needs to be an integral part of national security and India needs a dedicated cyber security legislation as the IT Act is not sufficient to deal with all the cyber security challenges.

Since India is increasingly leaning towards data localisation, there will be a need to understand and analyse issues on the intersection of cyber security and data localisation, Duggal said.

India’s critical information infrastructure cyber security needs to be given a specific focus, given the recent attacks. 

We need a detailed legal framework, stipulating the rights, duties and obligations of all stakeholders in the cyber security eco-system, Duggal further added. We must also specifically revisit the role of intermediaries and data repositories. There is a need to saddle them with mandatory obligations to protect and preserve cyber security.

The impact of over-the-top applications on cyber security, and connected illegal interception and monitoring issues like the present WhatsApp breach, need to be specifically looked at and re-examined, he further stated.

We need to look at cyber security as a potent tool in the direction of further strengthening Indian cyber sovereignty. India also needs to learn from the experience on cyber security regulation from various other countries such as Singapore, Vietnam, China, Australia and even Macau, Pavan Duggal said.

He further added that the absence of a singular agency owning cyber security has led to a paralysis in decision making. Further, the option of secondary legislation in the form of rules under Section 87 of the IT Act 2000 also needs to be used as a potent tool to protect and preserve cyber security.

Exerting jurisdiction in cyber security breach matters needs to be a top priority. The government must work on a PPP model with the private sector for cyber security. We need to encourage and inculcate the adoption of cyber security as a way of life amongst all stakeholders, and finally, specific obligations and responsibilities of boards of management of companies need to be reiterated.

Duggal said that the data breach notification law in India needs to be substantially strengthened. India must go in a direction of creating a cyber security safe harbour for companies to prevent exposure to unlimited liability by way of compensation, if companies comply within the minimum stipulated standards on cyber security.

There needs to be a wish list on what should be India’s approach on cyber security. The scenario at the end of 2019 is very different from what it was a few years ago, when the cyber security policy had come in. India must learn from the experience of the Cyber Security Policy that had remained a paper tiger and had not been implemented.

India needs to be cognisant of newly emerging technologies like AI and IoT and their prejudicial impact on the protection of cyber security. These elements, if taken into consideration, would be extremely relevant to help protect the Indian cyber security eco-system.

We need to learn from the work of organisations such as the International Commission on Cyber Security Law, where we collate the legal principles for regulating cyber security so that there is no reinvention of the wheel. We need to understand whether a strategy alone would suffice. Right now there are more than 11 lakh credit card details, including Tier-II data, available for sale on the dark net. The challenges posed by the dark net need to be taken into account as India prepares its march in the area of cyber security, Duggal pointed out.