By Sanjeev Relia
On 01 April 2015, the President of USA signed an executive order establishing the first sanctions program to allow the administration to impose penalties on individuals overseas who engage in destructive attacks or commercial espionage in cyberspace. As per the order, significant malicious cyber enabled activities are to be treated as a “national emergency” in the US. It gives the power to a treasury secretary in USA to target foreign individuals and entities that undertake illicit cyber activity. The sanctions imposed by the US government could include freezing their financial assets and barring commercial transactions with such groups/ individuals.
The aim of the executive order is to deter people from hiding behind borders and leap laws and carry out disruptive activities through the cyber space. Now America has other ways of getting at them by hitting where it hurts in terms of a financial impact. What the executive order aims to do is raise the cost of hacking against nation states. The next logical step would be sanctions targeting individuals. How effective the order is, time will tell, especially against hackers from Iran and North Korea who as it is keep facing various bans and sanctions. Will the order be able to prevent Chinese and Russian state backed hackers from entering American cyberspace and stealing financial data of high end technology?
In India, Section 66 of the IT act deals with such cases (The same section whose subsection A has recently been removed). Section 66 F of the IT act 2000 amended in 2008 defines cyber terrorism. A large number of activities in the cyberspace have been spelt out as cyber terrorism by the act, including damage or disruption of critical information infrastructure. Under the section, a person indulging in cyber terrorism shall be punishable with imprisonment which may extend to imprisonment for life.
Though the legal provisions exist in the IT Act to deter cyber terrorism, yet the number of cases of cyberattacks on our infrastructure has only gone up. Despite this, there are no known cases of any person/ organisation being booked under this section for causing disruptions to CII. Does this mean that there are no disruptive activities taking place through the cyberspace or is it that we do not know how to tackle such cases? Police in India is not given any training on tackling cyber crime. The judiciary at the grass root level is ill prepared to preside over cases involving cyber crime. The end result is that cyber crime and other disruptive activities in the cyber space remain unsolved and unpunished. Unless more teeth are given to the IT Act and the police and the judiciary reformed and trained to deal with cyber crime, it is unlikely that in India we will ever be able to control cyber crime and cyber terrorism.