Turn your heads to model RFP
Sensitisation workshop by MAIT steers industries and government to look at model RFPs, designed three years ago but forgotten
The department of electronics and IT (DeitY) designed a model request for proposal (RFP) document in 2010 to serve as a guiding light for all departments in their tendering process. However, it has been three years and counting and major government departments including the National Informatics Centre (NIC) has not even heard about it.
Lack of standards in specification leads to various confusions in the tendering and the project implementation stages due to which projects never get completed. According to Shankar Aggarwal, additional secretary, ministry of defence, India could have achieved 10 percent growth if technology could have been used to take decisions. “Improving the decision making process is amongst the biggest challenges in the government. We have failed in using information technology (IT) for doing so,” he said.
Aggarwal was speaking at sensitisation workshop for model RFPs organised by the Manufacturers Association for Information Technology (MAIT) here on Wednesday. The workshop is being held in three stages to increase awareness about model RFP and using them for project tendering processes.
An RFP is one of the most important documents in the government tendering process. It is the first document from the consumer (the government) enlisting its requirements, methodologies and payments for the projects. A detailed and carefully thought out RFP can greatly advantage the project by delineating roles and responsibilities of all the parties involved in the project. Aggarwal spoke about several projects in various departments, which have been languishing from several years because of lack of understanding between vendor and government. According to him, IT projects were especially affected due to lack of IT knowledge in various departments.
“Some of these IT projects were vendor driven and some tech driven. Departments couldn’t take decisions on the latter due to lack of tech knowledge. This is even the case in defence,” he said. Therefore model RFP creation is important, he added. Aggarwal stressed on decision-making and said that it needed to be time bound.
“We need to use technology to ensure time bound decision making. It should also lead to 100 percent transparency in project implementation,” he said. He added that if the project implementation is not transparent, it leads to several allegations from parties involved in it. “The re-examination to investigate these allegations could take years which again delays projects,” he said.
The additional secretary stressed on the need to encourage domestic manufacturing companies and cyber security clauses in RFPs. “All big companies bag all projects and then exploit smaller companies; we need to check on that. Also, looking at the rising cyber threat in the world, cyber security should be taken care at the RFP stage itself,” Aggarwal said.
National cloud "MeghRaj" launched
National cloud will facilitate in accelerating e-services
National cloud "MeghRaj" launched
National cloud will facilitate in accelerating e-services
GN BUREAU | FEBRUARY 05 2014
The national cloud, “MeghRaj,” was launched by Kapil Sibal, union minister of communication and information technology on Tuesday. The cloud is being implemented by the National Informatics Centre (NIC).
To avail the maximum benefits of cloud computing, the Government of India has launched the initiative, “GI Cloud,” which was renamed as “MeghRaj,” mentioned a press release issued by the Department of Electronics and Information Technology (DeitY).
The project aims to deliver e-services in a faster manner, while optimally utilizing ICT opportunities. It will also ensure the development and deployment of various eGovernance applications. The architecture of MeghRaj includes a set of discrete cloud computing environments spread across multiple locations, built on both existing and new infrastructure, within a set of rules and guidelines issued by DeitY.
To facilitate the launch, two policy reports, “GI Cloud Strategic Direction Paper’ and ‘GI Cloud Adoption and Implementation Roadmap’ have been prepared by DeitY.
The national cloud will also aid the department to procure ICT services in the OPEX model rather than invest upfront in the CAPEX model. The cloud services that are available include are Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS) and Storage as a Service (STaaS).
Self service portal, multiple cloud solutions, secured VPN access and multi location cloud are some of the features of the national cloud.
To avail the maximum benefits of cloud computing, the Government of India has launched the initiative, “GI Cloud,” which was renamed as “MeghRaj,” mentioned a press release issued by the Department of Electronics and Information Technology (DeitY).
The project aims to deliver e-services in a faster manner, while optimally utilizing ICT opportunities. It will also ensure the development and deployment of various eGovernance applications. The architecture of MeghRaj includes a set of discrete cloud computing environments spread across multiple locations, built on both existing and new infrastructure, within a set of rules and guidelines issued by DeitY.
To facilitate the launch, two policy reports, “GI Cloud Strategic Direction Paper’ and ‘GI Cloud Adoption and Implementation Roadmap’ have been prepared by DeitY.
The national cloud will also aid the department to procure ICT services in the OPEX model rather than invest upfront in the CAPEX model. The cloud services that are available include are Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS) and Storage as a Service (STaaS).
Self service portal, multiple cloud solutions, secured VPN access and multi location cloud are some of the features of the national cloud.
Capacity building for cyber space a non-starter
5 lakh professionals to protect our cyberspace may be a small number, but not when even their training seems to be hanging in a limbo
India might be the most sought after destination for IT and software services, but when it comes to cyber security or its professionals, it finds itself seriously short-changed. The new cyber security policy 2013, under discussion since 2011, mandates a chief information security officer (CISO) in every department to protect the system from cyber threats and attacks. It also mandates creation of 5,00,000 cyber security professionals in the next five years through skill development and training. Considering that China currently has 25 million cyber security professionals, and even North Korea, Singapore and Malaysia have more, this shouldn’t be a big task for India.
However as luck, and will of the Indian government, would have it the Indian cyber emergency response team (ICERT) responsible for implementing the policy does not even have a roadmap for the same.
One reason to believe that the cyber security capacity building programme in India has not even taken off is the way everyone in the government, particularly in ICERT, seem to be reacting to the question from this correspondent seeking information about the status of the project. In fact, Gulshan Rai, director general, ICERT, and the man at the helm of the affairs seemed clueless too when he said that he could not speak about capacity building on the telephone. The mail was unanswered when we went for publishing.
One more thing that no one in the department of electronics and information technology (DeitY) and ICERT seems to have any clue about is the profile of these 5,00,000 professionals the government wants to train and their skill sets. Akash Agarwal, country head, EC Council, aptly asked, “Does it (the policy to train 5,00,000 professional) mean training in the government sector or private sector? Has the word ‘professional’ been defined? How much training should a person undergo before he could be called a professional?”
Dinesh Pillai, CEO, Mahindra Special Services Group, also asked the same question. He said, “It is great that the government is thinking about training and there is a policy about it. However, the term ‘professional’ needs to be defined. Anyone with one certification today becomes a systems security guy. This should not be the case.”
According to sources in DeitY, around 40,000 people have been trained in cyber security till now. These sources also mentioned that the various universities, IITs, NITs and private universities have been roped in for providing courses in cyber and network security, information and forensics. However, Governance Now could not find any substantial courses mentioned in the syllabi of these universities.
Apart from IIT Delhi, which has announced the opening of a ‘cyber security training centre’, no other IIT was found to be doing much in terms of training in the field. The opening of the training centre at IIT Delhi was announced in November 2013. It has not started functioning or offering courses as of now. However, IITs do offer short-term courses on network security both separately and as part of their bachelor of engineering (BE/BTech) programme.
This after a notification from UGC, that all UGC/AICTE affiliated colleges would have to offer courses on cyber security at the undergraduate and postgraduate level, in January 2013. However, a quick look at the notification and one can understand the reason for the lackadaisical approach – the notification neither mandates any date or timeline for the implementation nor does it provide a ‘how-to’ plan for the same.
AICTE, in all fairness, announced that as a national policy, if an institute applies for more than one new course or more than one increase in division for a PG course in Computer Science and IT, then it would have to add one of the following courses at the PG level as well: a) cyber security, b) information technology and cyber warfare, c) biometrics and cyber security, and d) cyber forensics and information security. However, the same could not be found on the institutions’ syllabi.
Pillai said that it is not the institutes’ fault. Unless they get sufficient funding for infrastructure and gets an accreditation, it is difficult to offer courses on cyber security. “Investment for cyber security courses or training is not one time and the institutes need resources for that. Say, a course on security is offered as part of the engineering syllabus. The content would become obsolete when he graduates!” he said.
Pillai added that one more reason for the reluctance of institutes to offer these courses is the dearth of teachers. Apart from centre for development of advanced computing (C-DAC), which is training ‘master trainers’ for cyber security (more below), this area is mostly overlooked in India.
According to officials in DeitY, the training and skill development in cyber security will be done in the public-private partnership (PPP) mode. However, the private sector is not ready for such partnerships as there is hardly any infrastructure for high-end training. “There is no legislation on PPP and the private sector is not secured of cost-overflows in case the project overshoots its time. Unless these issues are sorted, PPP is difficult to take off,” said Pillai.
It is not all a big zero though. According to Prof S Sadagopan of IIT Bangalore, capacity building in cyber security and allied fields is an ongoing process and one in which India has made significant progress. He said that many institutes have been teaching technical aspects of security such as cryptography, network security, secure computing, trusted computing and secure programming for many years.
“India has excellent globally ranked conferences like Indo-CRYPT for many years. Over the next five years this area will mature, and strong research groups will form. The Indian Statistical Institute has one of the best research groups in this area,” said Sadagopan.
Another organisation that has been making small strides of its own with regards to safe practices online has been C-DAC which offers a diploma course in information security, certificate course in information security under its information security education and awareness (ISEA) project. C-DAC also offers six-week and two-week training programmes in information security sponsored by DeitY. C-DAC, along with other DeitY organisations such as DOEACC, ERNET, NIC, STQC, ICERT, also trains ‘master trainers’ who would in turn train government officers.
However, C-DAC has not been mandated under the new or old cyber security policy to train 5,00,000 professionals. According to Rajat Moona, director general, C-DAC, these programmes are running independently of the policy.
Moona also had no information of the 40,000 cyber security professionals claimed to have been trained by DeitY. This, he said, would be the general picture of people trained across skill sets across the country. “We are yet to receive a mandate of training people under the cyber security policy,” he said.
It is 2014 and the government still does not have a plan to train a team which would dedicatedly work on preventing attacks on the cyber infrastructure in India. According to Pillai, cyber security training needs trainers to think like a criminal. “Cyber security training is given from the perspective of policy abiders and those who attack are looking to break into the system. We need to think like them to protect our systems,” he said.
However as luck, and will of the Indian government, would have it the Indian cyber emergency response team (ICERT) responsible for implementing the policy does not even have a roadmap for the same.
One reason to believe that the cyber security capacity building programme in India has not even taken off is the way everyone in the government, particularly in ICERT, seem to be reacting to the question from this correspondent seeking information about the status of the project. In fact, Gulshan Rai, director general, ICERT, and the man at the helm of the affairs seemed clueless too when he said that he could not speak about capacity building on the telephone. The mail was unanswered when we went for publishing.
One more thing that no one in the department of electronics and information technology (DeitY) and ICERT seems to have any clue about is the profile of these 5,00,000 professionals the government wants to train and their skill sets. Akash Agarwal, country head, EC Council, aptly asked, “Does it (the policy to train 5,00,000 professional) mean training in the government sector or private sector? Has the word ‘professional’ been defined? How much training should a person undergo before he could be called a professional?”
Dinesh Pillai, CEO, Mahindra Special Services Group, also asked the same question. He said, “It is great that the government is thinking about training and there is a policy about it. However, the term ‘professional’ needs to be defined. Anyone with one certification today becomes a systems security guy. This should not be the case.”
According to sources in DeitY, around 40,000 people have been trained in cyber security till now. These sources also mentioned that the various universities, IITs, NITs and private universities have been roped in for providing courses in cyber and network security, information and forensics. However, Governance Now could not find any substantial courses mentioned in the syllabi of these universities.
Apart from IIT Delhi, which has announced the opening of a ‘cyber security training centre’, no other IIT was found to be doing much in terms of training in the field. The opening of the training centre at IIT Delhi was announced in November 2013. It has not started functioning or offering courses as of now. However, IITs do offer short-term courses on network security both separately and as part of their bachelor of engineering (BE/BTech) programme.
This after a notification from UGC, that all UGC/AICTE affiliated colleges would have to offer courses on cyber security at the undergraduate and postgraduate level, in January 2013. However, a quick look at the notification and one can understand the reason for the lackadaisical approach – the notification neither mandates any date or timeline for the implementation nor does it provide a ‘how-to’ plan for the same.
AICTE, in all fairness, announced that as a national policy, if an institute applies for more than one new course or more than one increase in division for a PG course in Computer Science and IT, then it would have to add one of the following courses at the PG level as well: a) cyber security, b) information technology and cyber warfare, c) biometrics and cyber security, and d) cyber forensics and information security. However, the same could not be found on the institutions’ syllabi.
Pillai said that it is not the institutes’ fault. Unless they get sufficient funding for infrastructure and gets an accreditation, it is difficult to offer courses on cyber security. “Investment for cyber security courses or training is not one time and the institutes need resources for that. Say, a course on security is offered as part of the engineering syllabus. The content would become obsolete when he graduates!” he said.
Pillai added that one more reason for the reluctance of institutes to offer these courses is the dearth of teachers. Apart from centre for development of advanced computing (C-DAC), which is training ‘master trainers’ for cyber security (more below), this area is mostly overlooked in India.
According to officials in DeitY, the training and skill development in cyber security will be done in the public-private partnership (PPP) mode. However, the private sector is not ready for such partnerships as there is hardly any infrastructure for high-end training. “There is no legislation on PPP and the private sector is not secured of cost-overflows in case the project overshoots its time. Unless these issues are sorted, PPP is difficult to take off,” said Pillai.
It is not all a big zero though. According to Prof S Sadagopan of IIT Bangalore, capacity building in cyber security and allied fields is an ongoing process and one in which India has made significant progress. He said that many institutes have been teaching technical aspects of security such as cryptography, network security, secure computing, trusted computing and secure programming for many years.
“India has excellent globally ranked conferences like Indo-CRYPT for many years. Over the next five years this area will mature, and strong research groups will form. The Indian Statistical Institute has one of the best research groups in this area,” said Sadagopan.
Another organisation that has been making small strides of its own with regards to safe practices online has been C-DAC which offers a diploma course in information security, certificate course in information security under its information security education and awareness (ISEA) project. C-DAC also offers six-week and two-week training programmes in information security sponsored by DeitY. C-DAC, along with other DeitY organisations such as DOEACC, ERNET, NIC, STQC, ICERT, also trains ‘master trainers’ who would in turn train government officers.
However, C-DAC has not been mandated under the new or old cyber security policy to train 5,00,000 professionals. According to Rajat Moona, director general, C-DAC, these programmes are running independently of the policy.
Moona also had no information of the 40,000 cyber security professionals claimed to have been trained by DeitY. This, he said, would be the general picture of people trained across skill sets across the country. “We are yet to receive a mandate of training people under the cyber security policy,” he said.
It is 2014 and the government still does not have a plan to train a team which would dedicatedly work on preventing attacks on the cyber infrastructure in India. According to Pillai, cyber security training needs trainers to think like a criminal. “Cyber security training is given from the perspective of policy abiders and those who attack are looking to break into the system. We need to think like them to protect our systems,” he said.
Model RFPs seen as corrective to PPP in e-governance
Standard documents will soon be available on finance ministry website
PRATAP VIKRAM SINGH | JANUARY 29 2014
Already reeling under the extreme depreciation of rupee vis-à-vis dollar and slower GDP growth, the IT industry is facing another set of challenge: unfavourable payment terms and lower margins in e-governance projects, resulting in serious cash flow problems. A solution to this could be the model request for proposal (RFP), which will soon be available on the finance ministry website.
The model RFP for e-governance projects were released three years back by the department of electronics and information technology (DeitY). However, different states have their own approaches. In most cases, the RFP is usually designed in a way which puts unlimited accountability on the implementing agency. Payments, even in those projects which require upfront capital expenditure on hardware and software, are made over a long period of time, causing a cash flow problem for the private companies.
This theme was discussed by a panel of experts at ‘sensitization workshop on model RFPs’ organised by MAIT, in association with the DeitY and Accenture, here on Wednesday.
Speaking at the workshop, Rajendra Kumar, joint secretary, DeitY, said that in the past the government agencies didn’t have a uniform approach towards IT procurement. The fact that several e-governance projects (the tender documents) have been vendor driven has been corroborated by industry experts. To resolve the same, “the DeitY came up with model RFPs, along with guidance notes and toolkits. The department has also imparted training to states”, Kumar said.
The adoption of the model RFPs, however, has been rather slow, said Kumar. He said if states wish so, his department could vet their RFP documents and provide its recommendations. He said that the department is in talks with the finance ministry to upload the model RFPs on latter’s website.
Jivesh Nandan, principal secretary, IT, Uttar Pradesh, said that though the model RFP approach deserves appreciation, the RFP suggested by DeitY should have provisions for state-specific changes.
He cited the e-District project, which has not been implemented in half of the state, because no one from the industry has shown interest in the implementation. He said the deadlines for closing tenders have been extended six times. Terms including project go-live and payment terms need to be clearly defined, he said.
He said that once something is suggested from DeitY, the changes proposed by the state IT department has to be strongly justified, which is not that simple. He urged the DeitY to mention specifically where all changes can be done by the states in the standard documents.
Vivek Attray, additional secretary, IT, Haryana said the lack of clarity in RFPs is due to the indifference shown by the head of departments towards the project documents. The documents are made by inexperienced consultants. If secretaries and other senior officials start paying attention to the RFP and rectify before its release, a lot of issues around it will be resolved.
CT Bhadran, head, government and defence business, HCL Infosystems, and chairman, system integration, MAIT, said that the compliance to model RFPs will be the first step towards resolving the PPP challenges. He, along with other industry experts at the workshop, urged government to have a pre-bid meeting with vendors before finalizing the RFP
The model RFP for e-governance projects were released three years back by the department of electronics and information technology (DeitY). However, different states have their own approaches. In most cases, the RFP is usually designed in a way which puts unlimited accountability on the implementing agency. Payments, even in those projects which require upfront capital expenditure on hardware and software, are made over a long period of time, causing a cash flow problem for the private companies.
This theme was discussed by a panel of experts at ‘sensitization workshop on model RFPs’ organised by MAIT, in association with the DeitY and Accenture, here on Wednesday.
Speaking at the workshop, Rajendra Kumar, joint secretary, DeitY, said that in the past the government agencies didn’t have a uniform approach towards IT procurement. The fact that several e-governance projects (the tender documents) have been vendor driven has been corroborated by industry experts. To resolve the same, “the DeitY came up with model RFPs, along with guidance notes and toolkits. The department has also imparted training to states”, Kumar said.
The adoption of the model RFPs, however, has been rather slow, said Kumar. He said if states wish so, his department could vet their RFP documents and provide its recommendations. He said that the department is in talks with the finance ministry to upload the model RFPs on latter’s website.
Jivesh Nandan, principal secretary, IT, Uttar Pradesh, said that though the model RFP approach deserves appreciation, the RFP suggested by DeitY should have provisions for state-specific changes.
He cited the e-District project, which has not been implemented in half of the state, because no one from the industry has shown interest in the implementation. He said the deadlines for closing tenders have been extended six times. Terms including project go-live and payment terms need to be clearly defined, he said.
He said that once something is suggested from DeitY, the changes proposed by the state IT department has to be strongly justified, which is not that simple. He urged the DeitY to mention specifically where all changes can be done by the states in the standard documents.
Vivek Attray, additional secretary, IT, Haryana said the lack of clarity in RFPs is due to the indifference shown by the head of departments towards the project documents. The documents are made by inexperienced consultants. If secretaries and other senior officials start paying attention to the RFP and rectify before its release, a lot of issues around it will be resolved.
CT Bhadran, head, government and defence business, HCL Infosystems, and chairman, system integration, MAIT, said that the compliance to model RFPs will be the first step towards resolving the PPP challenges. He, along with other industry experts at the workshop, urged government to have a pre-bid meeting with vendors before finalizing the RFP
ISPs must adopt new measures to ward off cyber attacks: DoT
Amid growing threats of cyber attacks and hacking of websites, the Department of Telecommunications (DoT) has asked all Internet Service Providers (ISPs) to adopt new security measures for those using fixed-line broadband.
Noting that hackers have been exploiting vulnerabilities in the ADSL (asymmetric digital subscriber line) modems — those normally installed by broadband service providers at homes and offices — to implant malware and manipulate data, the DoT has written to all ISPs to “assist customers to change the password, including by physical visits.” It has also come out with a new set of guidelines for ISPs that must be implemented by May this year to ensure security of almost 1.5 crore fixed-line broadband users.
“The ADSL modems are presently supplied by vendors with default set up of user ID and password as ‘admin.’ The default password needs to be changed to a strong password by customer at the time of installation of modem to avoid unauthorised access to modem. The ISP executive visiting customer for installation of modem should ensure this,” said the DoT note.
“The protocol ports in ADSL modem on WAN side [for example, FTP, TELNET, SSH, HTTP, SNMP, CWMP, UPnP] be disabled. These ports may be used by the hackers to enter into the ADSL modem to misuse/compromise the ADSL modems by way of implanting the malware, changing the DNS entries in the modem,” it added.
In other instructions, the ISPs have been asked to devise a “mechanism to upgrade the firmware of the ADSL modems remotely by ISPs.” For this, the ISPs need to have separate login password, which is not possible in the present system of ADSL modem design. The DoT has asked the ISPs to tell their customers to check their online daily usage, and if any unexpected high usage of data is noticed, they may bring it to the notice of the ISP concerned. Customers should also be advised to switch off their modem when not in use.
Acknowledging that the DoT has alerted all ISPs to implement new security measures on a war-footing, Internet Service Providers Association of India (ISPAI) president Rajesh Chharia told The Hindu that these steps would go a long way in making Indian Internet users secure from hacking, besides creating awareness about how to tackle such vulnerabilities of the world wide web.
“We will also ask the ISPs to adopt all best practices available globally to make our Internet users more secure... The government and the industry will have to work jointly to make our cyber world secure,” he added.
| Fighting Cyber Crimes | ||
K. K. Pant*
With the continual expansion of the ‘cyber world’ around us, more and more people and organizations are getting intertwined on the internet and other platforms, including the mobiles and the fast expanding ‘cloud’. This on the one hand has proved to be a boon for the business, establishments, enterprises, education field, interpersonal relations and the society as whole; but at the same time has also become a preying ground for the unscrupulous elements thereby providing innumerable and innovative ways of cheating and defrauding. This defrauding can take place not only with respect to financial losses but also in relation to reputation, privacy and networking websites, including matrimonial websites. As a result, there is a continuous effort on the part of the Government to take such steps as will prevent and punish the cyber crimes and their perpetrators so that even the common man can tread on the cyber highway without fear of falling prey to unscrupulous elements. In this effort the Central Government is working in consort with all stakeholders.
As per the Crime Data /information maintained by National Crime Record Bureau (NCRB), 2,464 cases of crime such as hacking and others, were registered during 2012. A total of 1,440 cases were related to loss / damage to computer resource/ utility reported under hacking with computer systems (Section 66(1) of the Information Technology Act 2000) and 435 cases were related to hacking under Section 66(2) of the Information Technology Act 2000. For committing such crimes, 749 persons were arrested during 2012. There were 589 cases of obscene publications / transmission in electronic form under Section 67 of Information Technology Act, 2000 during the year 2012; wherein 497 persons were arrested. In addition, 259 cases of cheating through cyber forgery and 118 cases of cyber frauds were registered under Indian Penal Code (IPC) provisions. Further, as per the information provided by Reserve Bank of India 6,034 frauds involving credit /ATM/ debit cards were reported in 2013.
Fighting Cyber Crime Needs Concerted Efforts
Police and Public Order are State subjects under the Constitution and as such the State Governments and Union Territory Administrations are primarily responsible for prevention, detection, registration and investigation of crime including Cyber Crime and for prosecuting the criminals through Law Enforcement machinery within their jurisdictions.
The Cyber space is virtual, borderless and anonymous. Anyone can open e-mail account in any name including fake name from any part of the world. Any user with any email address is allowed to register with social networking sites with any name including fake names. No background information check is performed by the social networking sites, which leads to creation of fake accounts by miscreants for committing crimes/ frauds. Most of the networking sites are located abroad. The servers of these social networking sites are also located abroad.
A total no. of 3, 45, 37 and 36 cases of fake accounts/ profiles on various social networking websites were reported to Indian Computer Emergency Response Team (CERT-In) in the year 2010, 2011, 2012 and 2013 (till November) by various Law Enforcement Agencies. CERT-In, further, contacted these social networking websites for disabling of fake accounts and for getting user access details of these fake accounts/profiles. In most of the cases, such fake accounts were successfully disabled in association with social networking sites, having offices in India. However, success rate is low in disabling accounts and getting information from social networking sites having offices abroad.
Steps Taken by the Central Government to Prevent Frauds
Government has taken the following actions to prevent frauds by social networking sites and matrimonial sites:
· Government has notified the Information Technology (Intermediary Guidelines) Rules 2011 under Section 79 of the Information Technology Act. These rules require that the Intermediaries, including national and international social networking sites and matrimonial sites, shall observe due diligence while discharging their duties and shall inform the users of Computer resources not to host, display, upload, modify, publish, transmit, update or share any information that is harmful, objectionable, affect minors and unlawful in any way. The said rules also require the intermediaries to appoint Grievance Officers to address the grievances received from users and affected individuals / organizations as and when received by them.
· Government issued an advisory on 17th August 2012 to all the intermediaries, including national and international social networking sites, advising them to take necessary action to disable inflammatory and hateful content hosted on their web sites on priority basis.
· Government also conducts awareness campaign on the issue to educate users.
· The Government is in regular dialog with the intermediaries including social networking sites for effective and efficient disablement of such content.
Creating an Efficient Fighting Force to Beat Cyber Crimes
Fighting any type of crime needs a robust, dedicated, efficient and well-trained force and fighting cyber crimes is no exception. To train and develop Cyber Crime investigators, the Central Government has taken a series of steps, which include:
· Ministry of Home Affairs has issued an Advisory to the State Governments and Union Territory Administrations to build adequate technical capacity in handling cyber crime including trained manpower for detection, registration, investigation and prosecution of cyber crimes. Also, under the Cyber Crime Investigation programme, Ministry of Home Affairs is supporting the establishment of Cyber Crime Police Stations (CCPS) and Cyber Crime Investigations and Forensic Training Facilities (CCIFTF) in each State / Union Territory of India under Police Modernization Scheme. Action also has been taken to set up a National Centre of Excellence exclusively devoted to render Cyber Forensic services and to act as National Research and Training Centre on Cyber Forensics.
· A major programme has been undertaken on development of cyber forensics tools, setting up of infrastructure for investigation and training of the users, particularly police and judicial officers in use of this tool to collect and analyze the digital evidence and present them in Courts.
· Indian Computer Emergency Response Team (CERT-In) and Centre for Development of Advanced Computing (CDAC) are involved in providing basic and advanced training to Law Enforcement Agencies, Forensic labs and judiciary on the procedures and methodology of collecting, analyzing and presenting digital evidence.
· Cyber forensics training lab has been set up at Training Academy of Central Bureau of Investigation (CBI) to impart basic and advanced training in Cyber Forensics and Investigation of Cyber Crimes to Police Officers associated with CBI. In addition, Government has set up cyber forensic training and investigation labs in the States of Kerala, Assam, Mizoram, Nagaland, Arunachal Pradesh, Tripura, Meghalaya, Manipur and Jammu & Kashmir for training of Law Enforcement and Judiciary in these States.
· In collaboration with Data Security Council of India (DSCI), NASSCOM, Cyber Forensic Labs have been set up at Mumbai, Bengaluru, Pune and Kolkata for awareness creation and training programmes on Cyber Crime investigation. National Law School, Bangalore and NALSAR University of Law, Hyderabad are also engaged in conducting several awareness and training programmes on Cyber Laws and Cyber crimes for judicial officers.
Enough Funds Provided for the Fight
A total budget of Rs. 2074.45 lakhs has so far been sanctioned by the Department of Electronics and Information Technology (DeitY) , Ministry of Communications and Information Technology, for implementing the projects to train and develop Cyber Crime investigators, forensic examiners, judiciary and setting up of cyber crime investigation training labs.
Rs. 500 crore has been allocated for DeitY in the 12th Plan period (2012-17) for Cyber Security Programme including Cyber Safety, Security and Surveillance, Cyber Crime Investigations and Cyber Forensics.
BJP among six foreign parties authorised for NSA surveillance
India’s ruling Bharatiya Janata Party was included in a top-secret list of six non-U.S. political parties worldwide that the U.S. National Security Agency received official permission to covertly spy upon, according to the latest trove of data released to the media by Edward Snowden, former NSA contractor-turned fugitive whistleblower.
According to documents that Mr. Snowden published via The Washington Post on Monday, the U.S.’ shadowy Foreign Intelligence Surveillance Act (FISA) court gave the NSA “broad leeway” in conducting surveillance upon not only these six political parties but also a list of 193 foreign governments — including India — and only four countries were off-limits under this programme.
The Post reported that Washington has long adhered to broad “no-spying arrangements” with only the U.K, Canada, Australia and New Zealand, a group known collectively with the U.S. as the “Five Eyes.”
Yet the classified 2010 legal certification given to the NSA by the FISA court suggests the Agency received “a far more elastic authority than previously known,” one that reportedly allowed it to intercept through U.S. companies not just the communications of its overseas targets but any communications about those targets too.
The documents further revealed that the FISA court authorised the NSA to snoop on the Internet and telephone communications of the World Bank, the United Nations, OPEC, and the European Union.
The other five political parties that the NSA had authority to spy upon were Amal of Lebanon, with links to Hezbollah; the Bolivarian Continental Coordinator of Venezuela, with links to FARC; the Egyptian Muslim Brotherhood; the Egyptian National Salvation Front; and the Pakistan People’s Party.
In a comment to the Post, Jameel Jaffer, Deputy Legal Director for the American Civil Liberties Union, said, “These documents show both the potential scope of the government’s surveillance activities and the exceedingly modest role the court plays in overseeing them.”
|
No comments:
Post a Comment