CHAPTER 13 Cyber Security In this Chapter… 13.1 Cyber Security and its Related Issues 13.1.

1
Cybercrime 13.1.2 Measures to Control Cybercrime in India 13.1.3 Cyber Security 13.1.3.1 Basics of
Cyber Security 13.1.3.2 Significance of Cyber Security 13.1.3.3 Cyber Security in India 13.1.4 Cyber
Check 13.1.5 Cyberterrorism 13.1.5.1 Basics of Cyberterrorism 13.1.5.2 Different Forms of
Cyberterrorism 13.1.5.3 Distributed Denial of Service Attack 13.1.6 Combating Cyberterrorism 13.1.7
Cyberwarfare 13.1.7.1 Basics of Cyberterrorism 13.1.7.2 Cyberwarfare Consists of Many Different
Threats 13.1.7.3 Cyberwarfare and India 13.1.7.3.1 India’s Vulnerability 13.1.7.3.2 Response
13.1.7.3.3 Shortcomings Exist in India’s Cyber Warfare Capabilities 13.1.7.3.4 A Long-Term Response
Involves in Cyber Security 13.1.8 National Cyber Security Policy, 2013 13.1.9 Cyber Crime
Coordination Centre 13.2 Blockchain Technology 13.3 Cryptocurrency and Regulation of Official
Digital Currency Bill, 2021 13.4 Toolkit 13.5 Cyber Insurance 13.6 WhatsApp’s New Policy being
Examined by GoI 13.7 Cyberdome 13.1 Cyber Security and its Related Issues 13.1.1 Cybercrime Any
crime that involves a computer and a network is termed as Cybercrime. Here, the computers may or
may not have played an instrumental part in the commission of a crime. Cybercrime spans activities
like hacking, spam, online fraud, obscene or offensive content, harassment, cyberterrorism and
cyber warfare. It usually includes high-profile crimes, particularly those surrounding hacking,
copyright infringement, child pornography and child grooming. The major issue of privacy arises
when confidential information is lost or intercepted, in a lawful manner or otherwise. 13.1.2
Measures to Control Cybercrime in India The Information Technology (Amendment) Act, 2008,
serves as the legal framework for tackling cybercrime in India. The original Act of 2000 contained
provisions on cybercrimes related to online transactions. The legal framework was required to be
strengthened and amended due to several new forms of computer crime, misuse and fraud taking
place. To tackle new forms of cybercrimes like sexually explicit material in electronic form, video
terrorism and breach of confidentiality and leakage of data by intermediary and e-commerce frauds,
the amended Act of 2008 came into force. As part of cyber security efforts of the government, a
holistic effort approach is being followed, involving research and development in cyber security.
Several research and development projects have been initiated for basic research and indigenous
development of technology in this area. 13.1.3 Cyber Security 13.1.3.1 Basics of Cyber Security The
processes and mechanisms ensuring protection of computer-based information against
unauthorised access, transfer, modification or destruction (whether accidental or intentional) is
termed as Cyber Security. It deals with security threats such as hacking, malware, cybercrime,
cyberterrorism, data theft, etc. It studies these threats and the features of computer systems and
networks that make them vulnerable to these threats and then try to come up with measures to
prevent these threats and find solutions after the computer is already affected. Cyber security
companies produce anti-virus programmes to prevent infection from viruses and heal infected
computers. Cyber security is also concerned with developing threat-resistant firewalls, encryption
and passwords for protection against hacking and data theft. 13.1.3.2 Significance of Cyber Security
With the expansion of Internet and computer systems, the responsibility of these is getting more
and more complex and interdependent. Thus, cyber security has become a serious concern as new
security threats emerge every day. Poor cyber security may make government, business and
personal computers vulnerable to these threats. New viruses are known to cripple businesses
worldwide, causing billions of dollars of damages every year. Cyber security is not just an issue that
concerns individuals and businesses but also government, since as it has national security
dimensions. For example, if military computers are not adequately protected against hacking, enemy
countries may steal sensitive data. 13.1.3.3 Cyber Security in India In India, because of the thriving IT
industry, large-scale use of computers by governments, especially e-governance and the growing
usage of personal computers, cyber security has emerged as an important issue that requires a
national-level response. The legal framework for cyber security in India is the Information
Technology (Amendment) Act, 2008. The Union Government had set up an Inter Departmental
Information Security Task Force (ISTF) with National Security Council as the nodal agency to highlight
the growing threat to information security in India and focus related actions. The issues were studied
and deliberated by Task Forces relating to cyber security and made recommendations. Considering
the recommendations of the ISTF, the following initiatives have been taken by the Government: 1.
Indian Computer Emergency Response Team (CERT-ln) has been established to respond to the cyber
security incidents and take steps for prevention of recurrence of the same. 2. Public Key
Infrastructure or PKI (i.e., user and verifer). 3. To support implementation of Information Technology
Act and promote use of Digital Signatures, adequate infrastructure has been set up. 4. Research and
Development activities have been supported by GOI through premier academic and Public Sector
Institutions in the country. 5. Government cyberspace and critical infrastructure have been
developed. 6. Information Security Education and Awareness Programme has been launched all over
India. 7. The Government is also following a holistic strategic approach for the long term. The
approach includes research and development, legal framework, security incidents, early warning and
response, best security policy compliance and assurance, international cooperation and security
training. 8. The Crisis Management Plan was formulated in April 2010 to deal and counter cyber-at-
tacks and cyberterrorism. It is to be implemented by all ministries and departments of central and
state governments. 13.1.4 Cyber Check It is an advanced cyber forensics tool kit for analysing and
viewing evidence files, indigenously developed by the Centre for Development of Advanced
Computing (CDAC), for use by law enforcement agencies. A branch of forensic science pertaining to
obtain legal evidence found in computers and digital storage media is termed as computer forensics.
13.1.5 Cyberterrorism 13.1.5.1 Basics of Cyberterrorism Cyberterrorism describes the acts of
deliberate, large-scale disruption of computer networks, especially personal computers connected
to the Internet. It is performed by the means of tools such as computer viruses. Cyberterrorism is a
controversial term. Some authors choose a very narrow definition, relating to deployments, by
known terrorist organisations. By this narrow definition, it is difficult to identify any instances of
cyberterrorism. Hence, a more general definition includes, for example, as “The premeditated use of
disruptive activities, or threats against computers and/or networks, with the intention to cause harm
or further social, ideological, religious, political or similar objectives or to intimidate any person in
furtherance of such objectives.” 13.1.5.2 Different Forms of Cyberterrorism Cyberterrorism can take
various forms: 1. Terrorist propaganda on the Internet: The ultimate aim of a physical terrorist attack
is to terrorise a target population. It involves spreading a feeling of fear and therefore, adequate
coverage in the media is very important for terrorists to succeed. The Internet is one of the media
that is used by terrorists to spread terror, promote terrorist ideologies, organise terrorist activities
by connecting terrorists in different parts of the world, etc. 2. Privacy violation: A lot of private
information is present on the Internet and computers. This includes passwords, encryption keys,
images and videos, sensitive files, etc. Cyber terrorists may steal these resources or threaten it. Right
to privacy is part of the Right to Life of Article 21 of the Constitution. Various provisions of the
Information Technology Act, 2000, protect the online privacy rights of the citizens. 3. Attacks on
government properties: Governments maintain large databases and a large number of government
computers are connected to the Internet. This makes them susceptible to hostile attacks mainly in
the form of theft of sensitive government information, valuable government secrets including those
relating to Defence and national security, passwords and other private information of government
officials, etc. E-governance systems may be hacked and disrupted, causing great inconvenience to
public and even threatening day-to-day government activities. A similar attack may be made by
cyber terrorists on computers and networks of private companies and individuals. 13.1.5.3
Distributed Denial of Service Attack The cyber terrorists may also use the method of Distributed
Denial of Service (DDoS) to overburden the computer systems and networks of governments, armed
forces and businesses. This involves sending a large number of web requests to servers, overloading
them and ultimately leading to their collapse. This results in serious disruption. It results in immense
pecuniary and strategic loss to government and its agencies. 13.1.6 Combating Cyberterrorism In
India, the Information Technology Act, 2000, has laws regarding privacy violations, information theft,
DDoS attacks, network damage and disruptions. The Council of Europe Convention on Cybercrime,
established in 2004, is the first International treaty for fighting against computer crime. 13.1.7
Cyberwarfare 13.1.7.1 Basics of Cyberterrorism Politically motivated hackers aiming to conduct
sabotage and espionage, lead to Cyber warfare. It being an information warfare is sometimes seen,
analogous to conventional warfare, although this analogy is controversial in terms of its accuracy
and its political motivation. Thus, cyber warfare is described as “actions by a nation-state to
penetrate another nation’s computers or networks for the purposes of causing damage or
disruption.” Cyber warfare can be described as “the fifth domain of warfare”, which has become just
as critical to military operations as land, sea, air and space.” In spite of its growing threat, it has been
the least common warfare and so far has not been used effectively. President Barack Obama, in
2009, declared America’s digital infrastructure to be a “strategic national asset,” and thereafter, the
Pentagon set up its new U.S. Cyber Command (USCYBERCOM) in May 2010, to defend American
military networks and attack other countries’ systems. A cyber-security and “operations centre” is
also established then by United Kingdom. 13.1.7.2 Cyberwarfare Consists of Many Different Threats
1. Cyber Espionage: The includes any practice meant to obtain secret information from individuals,
competitors, rivals, groups, governments and enemies to take military, political, or economic
advantage. 2. Cyber Vandalism: This usually involves hacking enemy websites and defacing the web
pages or plant propaganda messages. 3. DDoS Attack: Attempt to make a computer resource
unusable by persons or groups who disrupt an Internet site or service. In cyber warfare, DDoS
(distributed denial-of-service) attacks mainly involve targeting of government and military websites.
4. Sabotage: Military activities using computers and satellites for coordination are often at risk of
equipment disruption. Power, water, fuel, communications and transportation infrastructure – all of
them may be vulnerable to disruption, as they are increasingly controlled by computer systems.
Particularly, power transmission systems and telephonic systems including cell phones are
susceptible to cyber warfare. Even interception or replacement can afect orders and
communications. Massive power or communication outages caused by a cyber-attack could disrupt
the economy, distract from a simultaneous military attack, or create a national crisis. 13.1.7.3
Cyberwarfare and India 13.1.7.3.1 India’s Vulnerability In recent times, cyber-attacks resemble
political conflict, leading to warning from experts of the unfolding of a “Cyber Cold War”. It is said
that massive cyber-attacks may precede future wars. India appears to be extremely vulnerable due
to huge growth in government state-wide area networks and 25 mission e-governance mode
projects, in addition to electrical grid, cell phones, oil and gas infrastructure. This is on top of the
private industry, especially the banking and finance sector deploying huge number of online
transactions. 13.1.7.3.2 Response The main agency dedicated to defend India’s IT infrastructure is
Computer Emergency Response Team (CERT) within the Department of Information Technology. It
performs its functions in coordination with the National Informatics Centre, the government’s
service provider. Dedicated cyber warfare groups operate in the Defence Intelligence Agency (DIA)
and India’s technical intelligence organisation National Technical Research Organisation (NTRO). The
Indian Army recently announced that an impenetrable and secure wide area network exclusively for
army’s function and use has been established functioning. The army has its own cyber security
policy, a Computer Emergency Response Team (CERT) and its own cyber audit process, which is
conducted by cyber security personnel. 13.1.7.3.3 Shortcomings Exist in India’s Cyber Warfare
Capabilities 1. Dedicated cyber warfare groups operate in the DIA and NTRO but these are tasked
only with offensive cyber warfare and not with defending against cyber-attacks. 2. India spends less
than $1 million (₹ 5 crore) on offensive cyber warfare. There are a handful of experts available. On
the other hand, China has an annual budget of $55 million and employs thousands of hackers. The
US and some European nations are even ahead. 3. India cannot counterattack, but various nations
can. For example, a secure operating system “Kylin” has been developed by the Chinese as an
effective protection from such attacks. Not only this, a secure microprocessor has also been
developed by them. This microprocessor, unlike the US-made chips, which most computers in India
use, is known to be hardened against external access. 4. India, in spite of being an IT-superpower, is
almost entirely dependent on external sources, be it hardware or software. Even for all antivirus
programmes, network protocols and network hardware components, India depends on external
sources. Such vulnerable operating systems could lead to massive DDoS attacks. 13.1.7.3.4 A Long-
Term Response Involves in Cyber Security 1. A dedicated cyber security organisation, which employs
police and armed forces personnel that can initiate developing a strategy to protect national
information infrastructure. 2. Increasing the cyber warfare budgets and inducting more personnel. 3.
Setting up a national centre for coordinated response to cyber-crime between various law-
enforcement agencies, Internet Service Providers (ISPs) and high-quality researchers within the
country. 4. Carrying out extensive information security audits of government networks and
encouraging the private sector to do the same. The idea would be to identify security gaps to
determine exactly what the problem is and try to address its security requirement. 5. A software and
hardware policy intended for development of secure indigenous microprocessors and operating
systems, so that more and more computers use these and make computers in India, in general, more
resistant to cyber-attacks. 6. There is a view among officials and experts that the Indian government
needs to evolve a national security policy, which should be implemented in all the government
departments. In May 2010, the Indian government announced several measures designed to address
the cyber security challenge: • A task force was formed by the government to devise a plan for
building open source, indigenous operating systems, intended at reducing dependence on foreign
hardware and software vendors. • The government established a Crisis Management Plan against
cyber-attacks, which all central ministries, state governments and critical sectors need to implement.
In August 2010, at a high-level security meet chaired by the National Security Advisor (NSA), the
government made several more proposals: 1. Set up a cyber-warfare infrastructure, manned by a
small army of software professionals, for spying purposes on the classified data of hostile nations by
hacking into their computer systems. 2. According to the proposal, the responsibility for creating
cyber-offensive capabilities is on the National Technical Research Organisation (NTRO) and Defence
Intelligence Agency (DIA). 3. Further plans of the government include amplification of the efforts to
strengthen its cyber armour. It is proposed that to check all types of hardware and software being
sourced by departments for spyware, a National Testing Centre will be established. It will prevent
India’s computers from coming under attack. 4. The NSA has also asked the DRDO and DIA to
magnify efforts against electromagnetic-pulse bombs that can interrupt wireless signals inside the
country. As per NSAs directives, the DIA has to harden its Transient Electro Magnetic Pulse
Emanations Standards, known as TEMPEST in military parlance. Hardening TEMPEST includes lower
chances of interception of data transferred by Defence agencies through Internet. 5. The
introduction of cyber security in the curriculum of NTs and educational institutes is as per the
directives of the National Security Council Secretariat to the HRD and IT ministries. 13.1.8 National
Cyber Security Policy, 2013 Indian Government announced National Cyber Security Policy, 2013 with
these important features: • To form a secure and flexible cyber space. • To have a safe and secure
cyber ecosystem and generate belief and trust in IT transactions. • To setup a 24 × 7 National Critical
Information Infrastructure Protection Centre (NCIIPC). • To test all Information and Communication
Technology (ICT) based products and certifying them. • To create workforce of 500,000 professionals
in the field of ICT. 13.1.9 Cyber Crime Coordination Centre The Indian Cyber Crime Coordination
Centre (I4C) was recently inaugurated by the government. The scheme to set up I4C was approved in
October 2018, to deal with all types of cybercrimes in a comprehensive and coordinated manner.
About the Indian Cyber Crime Coordination Centre It will be set up under the newly created Cyber
and Information Security (CIS) division of the MHA (Ministry of Home Afair). It has seven
components: 1. National Cyber Crime Threat Analytics Unit, 2. National Cyber Crime Reporting
Portal, 3. National Cyber Crime Training Centre, 4. Cyber Crime Ecosystem Management Unit, 5.
National Cyber Crime Research and Innovation Centre, 6. National Cyber Crime Forensic Laboratory
Ecosystem, and 7. Platform for Joint Cyber Crime Investigation Team. Functions • The I4C will assist
in centralising cyber security investigations, prioritise the development of response tools and bring
together private companies to contain the menace. Objectives • To act as a nodal point in the fight
against cybercrime. • Identify the research problems/needs of LEAs and take up R&D activities in
developing new technologies and forensic tools in collaboration with academia/research institutes
within India and abroad. • To prevent misuse of cyber space for furthering the cause of extremist
and terrorist groups. • Suggest amendments, if required, in cyber laws to keep pace with fast
changing technologies and International cooperation. • To coordinate all activities related to
implementation of Mutual Legal Assistance Treaties (MLAT) with other countries related to
cybercrimes in consultation with the concerned nodal authority in MHA. Need for Surveillance • Asia
is the region most targeted by cyber-attackers, resulting in significant economic losses. As the region
continues to play a key role in the global economic market, these cyber threats are expected to
increase. Over 460 million people in India currently use the internet, leaving them vulnerable to
online criminals -both individuals and organised syndicates. Way Ahead • The government has
decided to hire IT experts from premier public and private institutes, including IITs, to help fight new
age crimes like online fraud, hacking, identity theft, dark net, trafficking, child pornography, online
radicalisation and cyber-terrorism and prepare a roadmap for Indian Cyber Crime Coordination
Centre. 13.2 Blockchain Technology Blockchain is an online registry of digitally verified dealings,
which is encoded in the blocks form, each of which is linked by a computers network. They are a new
data structure that is secure, cryptography-based and distributed across a network. The technology
supports cryptocurrencies such as Bitcoin, and the transfer of any data or digital asset. Spearheaded
by Bitcoin, blockchains achieve consensus among distributed nodes, allowing the transfer of digital
goods without the need for centralized authorisation of transactions. How does it Operate? 1. The
technology allows transactions to be simultaneously anonymous and secure, peer-to-peer, instant
and frictionless. 2. It does this by distributing trust from powerful intermediaries to a large global
network, which through mass collaboration, clever code and cryptography, enables a tamper-proof
public ledger of every transaction that is ever happened on the network. 3. A block is the “current”
part of a blockchain which records some or all of the recent transactions, and once completed, goes
into the blockchain as permanent database. 4. Each time a block gets completed, a new block is
generated. Blocks are linked to each other (like a chain) in proper linear, chronological order with
every block containing a hash of the previous block. 5. As a public ledger system, blockchain records
and validate each and every transaction made, which makes it secure and reliable. 6. All the
transactions made are authorized by miners, which makes the transactions immutable and prevent it
from the threat of hacking. 7. Blockchain technology discards the need of any third-party or central
authority for peer-topeer transactions. 8. It allows decentralization of the technology. Benefits of
Blockchain Technology • In terms of a public ledger system, Blockchain account and authenticate
each and every made transaction, thereby making it safe and dependable. • All the done
transactions are endorsed by miners, which make them absolute and avoiding it from the hacking
risk. • Blockchain Technology rejects any third party or central authority requirement for peer-to-
peer transactions. • It allows technology decentralization. Usage of Blockchain in Public
Administration • Blockchain has the potentiality of optimizing the public services delivery; further
country’s fight against corruption and produce ample citizen’s value. • Blockchain generates a
profcient and cost-effective database that is practically tamper-proof by preserving an absolute and
chronological planned record of all actions and files (“blocks”) associated together (“chain”) in a
circulated and decentralized database. By executing this, it undertakes building more clear, liable
and able governments. • In addition to this, Blockchain can also assist in building a more honest
government. A public Blockchain, similar to Bitcoin usage, reports all information and transactions
on the decentralized database permanently, publicly and most important of them securely.
Blockchain can hold state and local actors answerable for any embezzlement, by permitting
governments for tracking the government funds movement. • Blockchain not only dissuades
corruption with the help of accountability, but it can also undertake so by entirely evading the
middleman. The West Bengal government is preparing for introduction of blockchain technology for
safeguarding its documents from cyber attacks. The state government’s planned Cyber Security
Centre of Excellence would be assigned in executing the new ‘blockchain’ system at various
departments. The cyber security centre will fetch the best in academic, law enforcement and other
sections under single roof for undertaking the finest practices for countering Cybercrimes. The
centre will also undertake research. In 2017, computers at a few offices of the West Bengal State
Electricity Distribution Company Limited were disabled by ‘WannaCry’ virus, a global ransomware.
Ransomware is a kind of malicious software intended to block computer system access till the asked
sum of money is paid. Note: The Tech Mahindra and the Government of Telangana have signed an
accord for establishing a country’s first Blockchain district in Hyderabad, a first of its kind Centre of
Excellence for Blockchain. Fig. 13.1 Working mechanism of Blockchain Technology Possibilities of
Blockchain are: • Confidential communication of cryptocurrency. • Safe, cost effective and fast bank
transactions. • Secure legal documents, health data, notaries and personal documents. •
Distribution of land records and government financial assistance. • Cloud storage, digital
identification, smart communication and digital voting. National Informatics Centre (NIC) has set up
a Centre of Excellence (CoE) in Blockchain Technology in Bengaluru, which will provide Blockchain as
a service and allow stakeholders to benefit from shared learning, experiences and resources.
Functions 1. The Centre of Excellence will facilitate various government departments in building
proof of concepts for use of Blockchain technology in different dimensions of governance, leading to
large scale deployment of some such applications. 1. With National Informatics Centre (NIC)
providing a robust and an agile infrastructure, the CoE shall also provide Blockchain as a Service
(BaaS) for efficient hosting of Blockchain network, says an official release. Regulation in India • The
current debate in India has, unfortunately, focused too heavily on trading and speculation, looking at
cryptocurrencies as an investment tool, rather than understanding the potential of core blockchain
technology and the basic role of cryptocurrencies as an incentive mechanism to secure decentralized
transactions. • Prevailing cyber laws in India touch almost all aspects of transactions and activities
involving the internet, www and cyber space (IT Act, 2000 and amended in 2008, section 463 of IPC
and section 420). But in today’s techno-savvy environment the world is becoming more and more
digitally sophisticated and so are the crimes. India’s cyber laws are lacking in this respect. • There
are sufficient global examples of countries that have taken cautious steps in regulating the
technology and are focusing on stopping illegal activity without hurting innovation. Ransomware
Case Worldwide WannaCry is a ransomware worm that spread rapidly through, across several
computer networks in May of 2017. After infecting a Windows computer, it encrypts files on the PC’s
hard drive, making them impossible for users to access, then demands a ransom payment in bitcoin
in order to decrypt them. Petya is a ransomware strain discovered in 2016 that infects Microsoft
Windows-based computers. Like other forms of ransomware, Petya encrypts data on infected
systems. The data is unlocked only after the victim provides the encryption key, usually after paying
the attacker a ransom for it. Eternalblue allowed the ransomware to gain access to other machines
on the network. On May 12, 2017, the worldwide WannaCry ransomware used this exploit to attack
unpatched computers. 13.3 Cryptocurrency and Regulation of Official Digital Currency Bill, 2021 The
Budget session of Parliament is likely to consider this bill, which prohibits all private cryp-
tocurrencies and provides for an official digital currency to be issued by the Reserve Bank of India.
The purpose of the law has been described as: 1. To create a facilitative framework for an of-cial
digital currency issued by the RBI. 2. To “prohibit all private cryptocurrencies in India”. The Bill also
seeks to prohibit all private cryptocurrencies in India, however, it allows for certain exceptions to
promote the underlying technology of cryptocurrency and its uses. Background The Supreme Court,
set aside on April 6, 2018, circular of the Reserve Bank of India (RBI) that prohibited banks and
entities regulated by it from providing services in relation to Virtual Currencies (VCs). What did the
Court Say? 1. RBI has not come out with a stand that any of the entities regulated by it namely,
nationalised banks/scheduled commercial banks/ cooperative banks/NBFCs, have suffered any loss
or adverse effect directly or indirectly, on account of Virtual Currencies (VCs). 2. Hence, the RBI
circular is “disproportionate” with an otherwise consistent stand taken by the central bank that VCs
were not prohibited in the country. 3. Besides, the court found that the RBI did not consider the
availability of alternatives before issuing the circular. 4. Besides, the court referred to the Centre’s
failure to introduce an official digital rupee despite two draft Bills and several committees. What are
Cryptocurrencies? Cryptocurrencies are digital currencies in which encryption techniques are used to
regulate the generation of units of currency and verify the transfer of funds, operating
independently of a central bank. Examples: Bitcoin, Ethereum, etc.

Agrahari, Ravi P. Science and Technology for Civil Services Preliminary and Main Examinations | 5th
Edition (pp. 906-930). McGraw Hill Education (India) Private Limited. Kindle Edition.

13.4 Toolkit A toolkit has become a handy tool in sustaining a movement or campaign in times of
social media infuences. • It is a document created as an explainer on an issue as a guide to
everybody who is associated with the campaign or can be roped in to give a fillip to the campaign. •
It also provides a roadmap of how to take forward the campaign or agitation explaining what needs
to be done, when and how. 13.5 Cyber Insurance The policy provides protection in case of theft of
funds due to cyber event/hacking of insured bank account/credit card/debit card/mobile wallet by a
third party. It also provides protection in terms of Defence costs for claims made against the insured
by the third or affected party to identity theft fraud. Cyber insurance for individuals policies are
designed to cover expenses related to post factor actions of a cyber-attack Such as, the cost incurred
during the prosecution process and defense costs are paid by the insurance company relating to the
types of cyber risks mentioned in the documentation of the policy. Other costs such as financial
losses, online loss of money suffered by the policyholder due to cyber-attacks are also covered in the
policy up to the sum assured as mentioned in the policy. Expenses incurred for counseling
treatments post a cyber-attack is also paid for including damages against third party liabilities and
restoration costs. It also takes care of consultant fees, court expenses and legal fees concerning the
cyber-attack. If the attack was intentionally and deliberately done, the policy will not pay any claim.
Insurers do not cover any fraudulent, dishonest or malicious act. These policies do not provide any
cover for any prior actions of the attack that the policyholder has faced before buying the policy; nor
do they cover for personal data or lost pictures in the policy. The insurers also take measures to
avoid any cyber-attack to their customers by prompting for backing up their data, updating anti-virus
and having a proper set of passwords. If such measures are not taken properly, in case of a cyber-
attack, your claim can be jeopardised. 13.6 WhatsApp’s New Policy being Examined by GoI The
Central government has informed the Delhi High Court that it was examining WhatsApp’s
controversial new privacy policy, which is scheduled to come into effect from 15 May, 2021, at the
highest level. Issue The court was hearing a petition claiming that WhatsApp s new privacy policy
violates the right to privacy guaranteed under the Constitution. • The plea said the new policy
“virtually gives a 360-degree profile into a person’s online activity” without there being any
supervision of the government. • The plea sought direction to issue guidelines to ensure such
change in privacy policy by WhatsApp are carried out. Key Features of the Policy 1. Information
Sharing with Third Party Services: When users rely on third-party services or other Facebook
Company Products that are integrated with the services, those third-party services may receive
information about what someone or others share with them. 2. Hardware Information: WhatsApp
collects information from devices such as battery level, signal strength, app version, browser
information, mobile network and connection information (including phone number, mobile operator
or ISP) among others. 3. Deleting the Account: If someone only deletes the WhatsApp app from their
device without using the in-app “delete my account” feature, then that user’s information will
remain stored with the platform. 4. Data Storage: WhatsApp mentions that it uses Facebook’s global
infrastructure and data centers including those in the United States to store user data. It also states
that the data in some cases will be transferred to the United States or other parts where Facebook
affiliated companies are based. 5. Location: Even if a user does not use their location-relation
features, Whatsapp collects IP addresses and other information like phone number and area codes
to estimate one’s general location (city, country). 6. Payment Services: WhatsApp says if anyone uses
their payment services they will process additional information about a person including payment
account and transaction information. Centre Moved Court over WhatsApp’s New Privacy Policy The
Ministry of Electronics and Information Technology has asked the Delhi High Court to step in and
restrain WhatsApp from rolling out its new privacy policy. Why does the IT Ministry want the High
Court to Restrain WhatsApp? Supreme Court judgments had placed a responsibility upon the Centre
to come out with a “regime on data protection and privacy”, which would “limit the ability of
entities” such as WhatsApp to issue “privacy policies which do not align with appropriate standards
of security and data protection”. Therefore, WhatsApp must be stopped from rolling out the
services. The IT Ministry has listed major violations of the current IT rules that the new privacy policy
of WhatsApp, if rolled out, could entail. They are: 1. WhatsApp failed to specify the type of sensitive
data being collected by it. 2. WhatsApp has failed to provide the user an option to review or amend
the users’ information being collected by it. 3. The policy fails to provide users an option to withdraw
consent on data sharing retrospectively. 4. It also fails to guarantee non-disclosure by the third
parties. Other Issues and Concerns 1. The new Whatsapp policy contradicts the recommendations of
the Srikrishna Committee Report, which forms the basis of the Data Protection Bill, 2019. 2. The
principle of Data Localisation, which aims to put curbs on the transfer of personal data outside the
country, may come in conflict with WhatsApp’s new privacy policy. 3. With the updated privacy
policy, WhatsApp can now share one’s metadata, essentially everything beyond the conversation’s
actual text. 4. If users disagree with the messaging platform’s updated privacy policy, they will have
to quit WhatsApp when the new terms of service are set to come into effect. Sandes • The National
Informatics Centre has launched an instant messaging platform called Sandes on the lines of
WhatsApp. • Like WhatsApp, the new NIC platform can be used for all kinds of communications by
anyone with a mobile number or email id. • The limitation, however, is that the app does not allow
the user to change their email id or registered phone number. The user will have to re-register as a
new user in case they wish to change their registered email id or phone number on the app. 13.7
Cyberdome Cyberdome is a pioneering project as it brings together Government Departments, Law
Enforcement Agencies, Industry, Academia, International Organizations and experts from the public
domain for collaborating on cyber security to enhance the capabilities of the state in dealing with
cyber threats. Cyberdome is technological research and development Centre of Kerala Police
Department. It aims to meet the long term security challenges of bridging the gap between the
latest innovations in the cyber space and the skill set of Kerala Police, in combating the emerging
cyber threats. Work of Cyberdome • Child pornography pages have been removed. • Movie piracy
has been stopped by blocking the websites. • Tracking system developed by the team to identify the
location from where data is sent. • During Ransomware attack in 2017, it also protected lot of
computers in Kerala against cyber threat. In 2018, Assam government launched Assam Police
Cyberdome and Digital Intelligence and Training and Aalysis Centre (DITAC) in Kahilipara, Guwahati.
Thus, Cyberdome project can be termed a unique experiment in our current administrative system.
Success of this project depends on its implementation. There are chances to expand this project to
include other parts of our governance system too.

Agrahari, Ravi P. Science and Technology for Civil Services Preliminary and Main Examinations | 5th
Edition (pp. 930-936). McGraw Hill Education (India) Private Limited. Kindle Edition.