India’s snooping programme is officially underway and multiple agencies will use internet surveillance system Netra and the National Cyber Coordination Centre to keep a tab on suspicious activities on the internet, says Vicky Nanjappa.
“It is not intended to invade privacy,” says an Intelligence Bureau. “Through such programmes we will have real time information,” he adds.
Compared with Netra, the NCCC has a wider role to play, as it will be the first layer of cyber threat monitoring.
All communication that passes through government and private service providers would go through this agency. It basically does the job of a control room, monitoring the entry and exit, which also includes international gateway.
Netra, devised by the defence ministry, will catch suspicious words that are used on social networking sites. Words such as ‘attack’, ‘bomb’, ‘kill’, ‘plan’, ‘execute’ will be picked up. The data would then be sent to the NCCC in real time for analysis.
Netra would not only pick up words from social networking sites, but it would also keep a tab on voice over internet calls. The NCCC would also look into blogs, emails and social networking data. Complaints that are received by cyber crime police stations would also be taken into account by the NCCC and aid would be provided in nabbing the culprits.
Officers say there is nothing for people to worry about provided they are clean on the internet. It is not as though people will get arrested for random chats. There is a proper mechanism in place which scrutinises everything and studies a pattern.
The programme is for the agencies to stay alert all the time. The response time in case of cyber terrorism has been very bad and this is a step to correct it. Terrorists often get away with at least 30 hours of benefit due to the lag in response. Keeping a tab real time will only prevent the offence, the official said.
But legal experts point out that as long as it (spying) is for a proper cause, it is fine. Snooping in on conversations that are political or business related is not the job of this agency. We have witnessed many times in the past that conversations are snooped into through telephone tapping and this has often been to keep track of political rivals.
The government in power always uses the agencies to get their dirty work done.
The NCCC will be under the control of multiple agencies such as:
- National Security Council Secretariat
- Intelligence Bureau
- Research and Analysis Wing
- Indian Computer Emergency Response Team
- National Technical Research Organisation
- Defence Research and Development Organisation
- Defence Information Assurance and Research Agency
- The army, the navy and the air force
- The department of telecommunication
An officer says that it would be linked to the National Intelligence Grid as well.
Intelligence is not just restricted to that on the field. The NIG would collect the data passed on by the NCCC and Netra for analysis. The NIG would coordinate with the NCCC to collect intelligence. It would then be analysed following which a decision would be taken to find out if it is actionable or not.
This is a very ambitious project for India. The NCCC alone costs around Rs 1,000 crore. It is of utmost importance for India as it has become an epicentre for jihadis who operate from Pakistan and Afghanistan. Most of the communication these days has been on the internet and hence such an agency becomes extremely important, the IB says.
The need for such agencies can be justified with statistics. One hundred and thirty three government websites were hacked during January to March this year. In 2011, $4 billion were lost due to cyber crime in India.
Eighty per cent of the people surveyed experienced cyber crime.
According to Reserve Bank of India, 2,232 internet fraud cases involving Rs 1,234.94 lakh were registered in 2010. The Central Bureau of Investigation registered two cyber crime cases involving Rs 17 lakh in 2010.
Measures to be taken by the government of India
Legal framework in the form of Information Technology Act, 2000. The act provides legal framework to address the issues connected with cyber crime, cyber attacks and security breaches of information technology infrastructure.
Setting up of early warning and response to cyber security incidents through the Indian Computer Emergency Response Team and collaboration at national and international level for information sharing and mitigation of cyber attacks.
CERT-In regularly publishes security guidelines and advisories for safeguarding computer systems from hacking and these are widely circulated. CERT-In also conducts security mock drills, workshops and training programs on regular basis to enhance security posture of infrastructure and awareness.
The organisations operating critical information infrastructure have been advised to implement information security management practices based on International Standard ISO 27001.
Ministries and departments have been advised to carry out a security audit of their information technology infrastructure regularly to ensure robustness of their systems. The government is facilitating skill and competence development in the area of cyber security by providing domain specific trainings on cyber forensics, network and system security administration.
Labs for training in collection and analysis of digital evidence for law enforcement and judiciary have been setup. The government has formulated a crisis management plan for countering cyber attacks and cyber terrorism.
This is being implemented by all ministries/departments of the central government, state governments and their organisations and critical sectors.