Need for centralized repository for cyber crime: ASSOCHAM-EY study

A centralized database of cyber criminals should be maintained to keep a check and discourage cyber criminals from engaging in spurious activities in cyberspace, according to a recent ASSOCHAM-Mahindra EY joint study.

There is a need to establish a centralized repository for cybersecurity standards, best practices and guidelines, which can be used by law enforcement agency for preventing and investigating cybercrime, noted the conducted by The Associated Chambers of Commerce and Industry of India (ASSOCHAM) jointly with EY.

A dedicated national governing unit may be established in India, which will be the central agency for all state government cyber crime agencies to coordinate, integrate and share information related to cyber crime. Such a central agency will be responsible for driving all the cyber crime prevention initiatives, such as collaboration with private sectors, and training and awareness across the country.

The Government should provide well defined citizen awareness programs aimed at preventing cybercrime as a proactive mitigation. This has to be achieved through multiple media, such as print, radio and web to ensure faster and maximum reachability with local and national languages. Cybercrime awareness shall be introduced in academics in the early stages of education as a mandate for all the state and central, and public and private schools, adds the study.

Releasing the joint study, Mr. D S Rawat, Secretary General ASSOCHAM said, Mechanisms shall be established for independent monitoring of awareness program at regular intervals to evaluate the number of people/regions covered. Awareness material shall be updated regularly to cover up-to-date information.

In order to increase the rate of reporting cybercrime, it is important to have provisions for online reporting of the crime. Using this system, an online cybercrime complaint can be made by the victims of cybercrime. They will gain access to a convenient and easy-to-use reporting mechanism that alerts law enforcement authorities of suspected criminal or civil violations. Also, it will provide a central repository for reference to law enforcement and regulatory agencies at the national, state and local level.

A centralized database of cybercriminals should be maintained so that the criminals released from jails may be monitored. Such checks will discourage cybercriminals from engaging in spurious activities in cyberspace. Many countries, such as the USA and Australia have maintained a central repository of cybercriminals, noted the joint study.

It will be beneficial to have collaborations with International Cyber Security Protection Alliance, such as the Australian Cyber Security Centre (ACSC), National Crime Agency’s National Cyber Crime Unit (NCCU) and the UK’s CEOP. This will help in not only adopting the best practices by other countries for prevention of cybercrime, but also in increasing the capability, knowledge, training, skills, capacity and expertise of cyber security task forces. Additionally, it will help to reduce the harm caused to businesses, customers and citizens due to international cyber attacks.

India should be actively engaged as part of the international cyber crime associations centered on Asia/Europe and America to seek help and contribute for international cyber crime issues, said Mr. Rawat.

Skilled law enforcement personnel are the need of the hour, considering the highly technical and advanced nature of cyber crime being reported. To gear up to speed in containing and preventing cyber crime, there is a need to engage more cyber crime investigation professionals such personnel may be deployed at state level with access to dedicated laboratories for analysis at each state. Such teams also need to be part of the police team investigating cyber crimes. There should be a special recruitment for personnel to man cyber cells at every police station.

There is a need to increase the number of cybercrime cells and laboratories in the states and provide requisite manpower, training and infrastructure to them. Initiatives to setup the cybercrime cells and laboratories in states where these do not exist, and also upgrade and strengthen the existing cybercrime cells is required to cope up with the rapid cybercrimes.

In addition to the existing mechanisms, a strategy needs to be documented, which states the vision, objective and approach for cyber crime prevention in India. A definite cyber crime prevention program may originate as a specific recommendation of such a document.

The strategy and execution of cyber security needs to be developed with clear vision for addressing challenges related with cyber crime in the short term and mid-term with possible review mechanism to a long-term approach in this domain. The global practices from mature law enforcement organizations, such as the Federal Bureau of Investigation (FBI) and Interpol need to be leveraged and adopted as per their feasibility as part of the Indian cyber crime strategy.

Cyber crime, it is imperative that efforts and resources are dedicated to operationalize a nation’s cybersecurity strategy. If such initiatives are driven from the highest level of the government, it ensures that all stakeholders are interested and engaged in contributing to the success of any initiatives or programs. Such commitment, though it is an important enabler, is not sufficient to guarantee the success of any initiative or program. Monitoring and review mechanisms are essential to analyze and assess progress as well as consider measures for re-calibration and course correction as may be required.

It is important to define milestones and operationalize the strategy as per the desired impact of initiatives, which are being undertaken. A sample road map basis impact of initiatives is presented below. While several initiatives may commence in parallel, the graph presents a view of their impact on the overall ecosystem for combating cybercrime.

Spread awareness on cyber crime prevention since the cyber criminals are constantly inventing new ways to attack and are in search of potential victims. In fact, some of the most recent attacks on critical infrastructure of a few countries were perpetuated and successfully executed due to the low awareness level of most users, through phishing and social engineering methods.