#FactCheck: Viral video claims Ahmedabad plane crash but actually a Hollywood Movie Clip

Introduction 

Governments worldwide are enacting cybersecurity laws to enhance resilience and secure cyberspace against growing threats like data breaches, cyber espionage,  and state-sponsored attacks in the digital landscape. As a response, the EU Council has been working on adopting new laws and regulations under its EU Cybersecurity Package- a framework to enhance cybersecurity capacities across the EU to protect critical infrastructure, businesses, and citizens. Recently, the Cyber Solidarity Act was adopted by the Council, which aims to improve coordination among EU member states for increased cyber resilience. Since regulations in the EU play a significant role in shaping the global regulatory environment, it is important to keep an eye on such developments.

Overview of the Cyber Solidarity Act 

The Act sets up a European Cyber Security Alert System consisting of Cross-Border Cyber Hubs across Europe to collect intelligence and act on cyber threats by leveraging emerging technology such as Artificial Intelligence (AI) and advanced data analytics to share warnings on cyber threats with other cyber data centres across the national borders of the EU. This is expected to assist authorities in responding to cyber threats and incidents more quickly and effectively. 

Further, it provides for the creation of a new Cybersecurity Emergency Mechanism to enhance incident response systems in the EU.  This will include testing the vulnerabilities in critical sectors like transport, energy, healthcare, finance, etc., and creating a reserve of private parties to provide mutual technical assistance for incident response requests from EU member-states or associated third countries of the Digital Europe Programme in case of a large-scale incident.  

Finally, it also provides for the establishment of a European Cybersecurity Incident Review Mechanism to monitor the impact of the measures under this law. 

Key Themes

1. Greater Integration: The success of this Act depends on the quality of cooperation and interoperability between various governmental stakeholders across defence, diplomacy, etc. with regard to data formats, taxonomy, data handling and data analytics tools. For example, Cross-Border Cyber Hubs are mandated to take the interoperability guidelines set by the European Union Agency for Cybersecurity (ENISA) as a starting point for information-sharing principles with each other.  
2. Public-Private Collaboration: The Act provides a framework to govern relationships between stakeholders such as the public sector, the private sector, academia, civil society and the media, identifying that public-private collaboration is crucial for strengthing EUs cyber resilience. In this regard, National Cyber Hubs are proposed to carry out the strengthening of information sharing between public and private entities.  
3. Centralized Regulation: The Act aims to strengthen all of the EU's cyber solidarity by outlining dedicated infrastructure for improved coordination and intelligence-sharing regarding cyber events among member states. Equal matching contribution for procuring the tools, infrastructure and services is to be made by each selected member state and the European Cybersecurity Competence Centre, a body tasked with funding cybersecurity projects in the EU. 
4. Setting a Global Standard: The underlying rationale behind strengthening cybersecurity in the EU is not just to protect EU citizens from cyber-threats to their fundamental rights but also to drive norms for world-class standards for cybersecurity for essential and critical services, an initiative several countries rely on.

Conclusion

In the current digital landscape, governments, businesses, critical sectors and people are increasingly interconnected through information and network connection systems and are using emerging technologies like AI, exposing them to multidimensional vulnerabilities in cyberspace. The EU in this regard continues to be a leader in setting standards for the safety of participants in the digital arena through regulations regarding cybersecurity. The Cyber Solidarity Act’s design including cross-border cooperation, public-private collaboration, and proactive incident-monitoring and response sets a precedent for a unified approach to cybersecurity. As the EU’s Cybersecurity Package continues to evolve, it will play a crucial role in ensuring a secure and resilient digital future for all. 

Sources

• https://www.consilium.europa.eu/en/press/press-releases/2024/12/02/cybersecurity-package-council-adopts-new-laws-to-strengthen-cybersecurity-capacities-in-the-eu/ 
• https://data.consilium.europa.eu/doc/document/PE-94-2024-INIT/en/pdf 
• https://digital-strategy.ec.europa.eu/en/policies/cybersecurity-strategy 
• https://www.weforum.org/stories/2024/10/cybersecurity-regulation-changes-nis2-eu-2024/

Introduction

To every Indian’s pride, the maritime sector has seen tremendous growth under various government initiatives. Still, each step towards growth should be given due regard to security measures. Sadly, cybersecurity is still treated as a secondary requirement in various critical sectors, let alone to protect the maritime sector and its assets. Maritime cybersecurity includes the protection of digital assets and networks that are vulnerable to online threats. Without an adequate cybersecurity framework in place, the assets remain at risk from cyber threats, such as malware and scams, to more sophisticated attacks targeting critical shore-based infrastructure. Amid rising global cyber threats, the maritime sector is emerging as a potential target, underscoring the need for proactive security measures to safeguard maritime operations. In this evolving threat landscape, assuming that India's maritime domain remains unaffected would be unrealistic.

Overview of India’s Maritime Sector   

India’s potential in terms of its resources and its ever-so-great oceans. India is well endowed with its dynamic 7,500 km coastline, which anchors 12 major ports and over 200 minor ones. India is strategically positioned along the world’s busiest shipping routes, and it has the potential to rise to global prominence as a key trading hub. As of 2023, India’s share in global growth stands at a staggering 16%, and India is reportedly running its course to become the third-largest economy, which is no small feat for a country of 1.4 billion people. This growth can be attributed to various global initiatives undertaken by the government, such as “Sagarmanthan: The Great Oceans Dialogue,” laying the foundation of an insightful dialogue between the visionaries to design a landscape for the growth of the marine sector. The rationale behind solidifying a security mechanism in the maritime industry lies in the fact that 95% of the country’s trade by volume and 70% by value is handled by this sector. 

Current Cybersecurity Landscape in the Maritime Sector 

All across the globe, various countries are recognising the importance of their seas and shores, and it is promising that India is not far behind its western counterparts. India has a glorious history of seas that once whispered tales of Trade, Power, and Civilizational glory, and it shall continue to tread its path of glory by solidifying and securing its maritime digital infrastructure. The path brings together an integration of the maritime sector and advanced technologies, bringing India to a crucial juncture – one where proactive measures can help bridge the gap with global best practices. In this context, to bring together an infallible framework, it becomes pertinent to incorporate IMO’s Guidelines on maritime cyber risk management, which establish principles to assess potential threats and vulnerabilities and advocate for enhanced cyber discipline. In addition, the guidelines that are designed to encourage safety and security management practices in the cyber domain warn the authorities against procedural lapses that lead to the exploitation of vulnerabilities in either information technology or operational technology systems. 

Anchoring Security: Global Best Practices & Possible Frameworks

The Asia-Pacific region has not fallen behind the US and the European Union in realising the need to have a dedicated framework, with the growing prominence of the maritime sector and countries like Singapore, China, and Japan leading the way with their robust frameworks. They have in place various requirements that govern their maritime operations and keep in check various vulnerabilities, such as Cybersecurity Awareness Training, Cyber Incident Reporting, Data Localisation, establishing secure communications, Incident management, penalties, etc.

Every country striving towards growth and expanding its international trade and commerce must ensure that it is secure from all ends to boost international cooperation and trust. On that note, the maritime sector has to be fortified by placing the best possible practices or a framework that is inclined towards its commitment to growth. The following four measures are indispensable to this framework, and in the maritime industry, they must be adapted to the unique blend of Information Technology (IT) and Operational Technology (OT) used in ships, ports, and logistics. The following mechanisms are not exhaustive in nature but form a fundamental part of the framework:

‍

• Risk Assessment: Identifying, analysing, and ensuring that all systems that are susceptible to cyber threats are prioritized and vulnerability scans are conducted of vessel control systems and shore-based systems. The critical assets that have a larger impact on the whole system should be kept formidable in comparison to other systems that may not require the same attention.
• Access Control: Restrictions with regard to authorisation, wherein access must be restricted to verified personnel to reduce internal threats and external breaches. 
• Incident Response Planning: The nature of cyber risks is inherently dynamic in nature; there are no calls for cyber attacks or warfare techniques. Such attacks are often committed in the shadows, so as to require an action plan to respond to and to recover from cyber incidents effectively. 
• Continuous Staff Training: Regularly educating all levels of maritime personnel about cyber hygiene, threat trends, and secure practices. 

CyberPeace Suggests: Legislative & Executive Imperatives

It can be said with reasonable foresight that the Indian maritime sector is in need of a national maritime cybersecurity framework that operates in cooperation with the international framework. The national imperatives will include robust cyber hygiene requirements, real-time threat intelligence mechanisms, incident response obligations, and penalties for non-compliance. The government must strive to support Indian shipbuilders through grants or incentives to adopt cyber-resilient ship design frameworks. 

The legislative quest should be to incorporate the National Maritime Cybersecurity Framework with the well-established CERT-In guidelines and data protection principles. The one indispensable requirement set under the framework should be to mandate Cybersecurity Awareness Training to help deploy trained personnel equipped to tackle cyber threats. The rationale behind such a requirement is that there can be no “one-size-fits-all” approach to managing cybersecurity risk, which is dynamic and evolving in nature, and the trained personnel will play a key role in helping establish a customised framework. 

References

• https://pib.gov.in/PressNoteDetails.aspx?NoteId=153432&reg=3&lang=1 
• https://bisresearch.com/industry-report/global-maritime-cybersecurity-market.html#:~:text=Maritime%20cybersecurity%20involves%20safeguarding%20digital,and%20protection%20against%20potential%20risks. 
• https://www.shipuniverse.com/2025-maritime-cybersecurity-regulations-a-simplified-breakdown/#:~:text=Japan%3A,for%20incident%20response%20and%20recovery. 
• https://wwwcdn.imo.org/localresources/en/OurWork/Security/Documents/MSC-FAL.1-Circ.3-Rev.2%20-%20Guidelines%20On%20Maritime%20Cyber%20Risk%20Management%20(Secretariat)%20(1).pdf 

‍

Introduction

The Telecommunications Act of 2023 was passed by Parliament in December, receiving the President's assent and being published in the official Gazette on December 24, 2023. The act is divided into 11 chapters 62 sections and 3 schedules. Sections 1, 2, 10-30, 42-44, 46, 47, 50-58, 61 and 62 already took effect on June 26, 2024. 

On July 04, 2024, the Centre issued a Gazetted Notification and sections 6-8, 48 and 59(b) were notified to be effective from July 05, 2024. The Act aims to amend and consolidate the laws related to telecommunication services, telecommunication networks, and spectrum assignment and it ‘repeals’ certain older colonial-era legislations like the Indian Telegraph Act 1885 and Indian Wireless Telegraph Act 1933. Due to the advancements in technology in the telecom sector, the new law is enacted. 

On 18 July 2024 Thursday, the telecom minister while launching the theme of Indian Mobile Congress (IMC), announced that all rules and provisions of the new Telecom Act would be notified within the next 180 days, hence making the Act operational at full capacity. 

Important definitions under Telecommunications Act, 2023

1. Authorisation: Section 2(d) entails “authorisation” means a permission, by whatever name called, granted under this Act for— (i) providing telecommunication services; (ii) establishing, operating, maintaining or expanding telecommunication networks; or (iii) possessing radio equipment.
2. Telecommunication: Section 2(p) entails “Telecommunication” means transmission, emission or reception of any messages, by wire, radio, optical or other electro-magnetic systems, whether or not such messages have been subjected to rearrangement, computation or other processes by any means in the course of their transmission, emission or reception.
3. Telecommunication Network: Section 2(s) entails “telecommunication network” means a system or series of systems of telecommunication equipment or infrastructure, including terrestrial or satellite networks or submarine networks, or a combination of such networks, used or intended to be used for providing telecommunication services, but does not include such telecommunication equipment as notified by the Central Government.
4. Telecommunication Service: Section 2(t) entails “telecommunication service” means any service for telecommunication.

‍

Measures for Cyber Security for the Telecommunication Network/Services

Section 22 of the Telecommunication Act, 2023 talks about the protection of telecommunication networks and telecommunication services. The section specifies that the centre may provide rules to ensure the cybersecurity of telecommunication networks and telecommunication services. Such measures may include the collection, analysis and dissemination of traffic data that is generated, transmitted, received or stored in telecommunication networks. ‘Traffic data’ can include any data generated, transmitted, received, or stored in telecommunication networks – such as type, duration, or time of a telecommunication. 

Section 22 further empowers the central government to declare any telecommunication network, or part thereof, as Critical Telecommunication Infrastructure. It may further provide for standards, security practices, upgradation requirements and procedures to be implemented for such Critical Telecommunication Infrastructure. 

CyberPeace Policy Wing Outlook:

The Telecommunication Act, 2023 marks a significant change & growth in the telecom sector by providing a robust regulatory framework, encouraging research and development, promoting infrastructure development, and measures for consumer protection. The Central Government is empowered to authorize individuals for (a) providing telecommunication services, (b) establishing, operating, maintaining, or expanding telecommunication networks, or (c) possessing radio equipment. Section 48 of the act provides no person shall possess or use any equipment that blocks telecommunication unless permitted by the Central Government. 

The Central Government will protect users by implementing different measures, such as the requirement of prior consent of users for receiving particular messages, keeping a 'Do Not Disturb' register to stop unwanted messages, the mechanism to enable users to report any malware or specified messages received, the preparation and maintenance of “Do Not Disturb” register, to ensure that users do not receive specified messages or class of specified messages without prior consent. The authorized entity providing telecommunication services will also be required to create an online platform for users for their grievances pertaining to telecommunication services. 

In certain limited circumstances such as national security measures, disaster management and public safety, the act contains provisions empowering the Government to take temporary possession of telecom services or networks from authorised entity; direct interception or disclosure of messages, with measures to be specified in rulemaking. This entails that the government gains additional controls in case of emergencies to ensure security and public order. However, this has to be balanced with appropriate measures protecting individual privacy rights and avoiding any unintended arbitrary actions. 

Taking into account the cyber security in the telecommunication sector, the government is empowered under the act to introduce standards for cyber security for telecommunication services and telecommunication networks; and encryption and data processing in telecommunication. 

The act also promotes the research and development and pilot projects under Digital Bharat Nidhi. The act also promotes the approach of digital by design by bringing online dispute resolution and other frameworks. Overall the approach of the government is noteworthy as they realise the need for updating the colonial era legislation considering the importance of technological advancements and keeping pace with the digital and technical revolution in the telecommunication sector. 

References:

1. The Telecommunications Act, 2023 https://acrobat.adobe.com/id/urn:aaid:sc:AP:88cb04ff-2cce-4663-ad41-88aafc81a416
2. https://pib.gov.in/PressReleasePage.aspx?PRID=2031057
3. https://pib.gov.in/PressReleaseIframePage.aspx?PRID=2027941
4. https://economictimes.indiatimes.com/industry/telecom/telecom-news/new-telecom-act-will-be-notified-in-180-days-bsnl-4g-rollout-is-monitored-on-a-daily-basis-scindia/articleshow/111851845.cms?from=mdr
5. https://www.azbpartners.com/wp-content/uploads/2024/06/Update-Staggered-Enforcement-of-Telecommunications-Act-2023.pdf
6. https://telecom.economictimes.indiatimes.com/blog/analysing-the-impact-of-telecommunications-act-2023-on-digital-india-mission/111828226

‍