In the wake of the recent terror attacks on Mumbai, Cyber Society of India (CYSI) said that the country is equally vulnerable to cyber terrorism, as it is to physical terrorism. Urging the government to take proactive measures to prevent any possible cyber attacks, Cyber Security Group (CSG) of CYSI in a recent report, submitted to the ministry of telecom and IT, makes recommendations under four broad areas. These areas include management, technology, governance and legal aspects.
In its emphasis on e-security of money transactions, CSG calls for expanding the legal purview of IT Act to include Electronic Payment and Settlement Act envisaging protection of wider gamut of work involved in e-money, issuance, control, management of supply logistics, settlement and denotification etc.
CSG wants IT Act on electronic notary to include who authenticates documents, and how this can be done. CSG suggests that mandatory e-notary authentication of e-documents akin to public notary procedure can be simplified and made hassle-free by introducing e-notary counters having e-notaries and e-forms where a user at such counters can avail online e-forms that can be notarised and transmitted back by an e-notary upon submission.
Among the host of recommendations to be incorporated under the IT Act, CSG called for introduction of a single universal ID in India provisionally functioning under federated ID management till universal ID department is created and put in place. To make e-commerce transactions truly functional, e-images of the documents should be made valid through a legislation, it said. On digital rights management area, there is a need to create a counter mechanism against breaches of copyright law to take care of description, identification, trading, protection, monitoring and tracking of all forms of rights usages over both tangible and intangible digital matter, it added. On electronic archives, and info management, the IT Act should address the issue of life cycle management of e-archives and its term of validity and strengthening due diligence in retention of e-documents and e-shares complete transaction management, CSG said.
On mobile devices and remote access, CSG said the IT Act should mull over establishing standards for mobile devices that access devices of questionable security under compulsions of business. Due diligence combined with education and remote access policy should be put in place, it added.
On security certification, CSG wanted the IT Act to stress on common standards across countries and cyber space particulary in case of biometerics where common standards can be adopted for various people utility services like pass port requirements and medical records.
