Tech and Government

Introduction

Cyberspace is the new and the fifth dimension of warfare as recognised by the UN. In recent times we have seen a significant rise in cyber attacks on nations’ strategic interests and critical infrastructure. The scope of cyberwarfare is increasing rapidly in contemporary times. Nations across the globe are struggling with this issue. The Ministry of Defence of the Government of India has been fundamental to take preventive measures towards all attacks on the Republic of India. The ministry is the junction for all three forces: Airforce, Navy and Army and creates coordination between the forces and deploys the force at strategic locations in terms of enemy threats.

The new OS

Governments across the world have developed various cyber security measures and mechanisms to keep data and information safe and secure. Similarly, the Indian Government has been very critical in deploying cybersecurity strategies, policies, measures, and bills to safeguard the Indian cyber-ecosystem.  The Ministry of Defence has recently made a transition in terms of the Operating System used in the daily functions of the ministry. Earlier, the ministry was using an OS from Microsoft, which has now been replaced with the indigenous OS named “Maya” based on open-source Ubuntu. This is the first time the ministry will be deploying indigenous operating software. This step comes at a time of global rise in cyber attacks, and the aspect of indigenous OS will prevent malware and spyware attacks.‍

What is Maya?

Users will not notice many differences while switching to Maya because it has a similar interface and functionality to Windows. The first instruction is to install Maya on all South Block PCs with Internet access before August 15.  In these systems, a Chakravyuh “endpoint detection and protection system” is also being installed. Maya isn’t yet installed on any computers connected to the networks of the three Services; instead, it is solely used in Defence Ministry systems. It had also been reviewed by the three Services and would shortly be adopted on service networks. The Army and Air Force were currently reviewing it after the Navy had already given its approval.

OS Maya was created by government development organisations in less than six months. An official from the ministry has informed that Maya would stop malware attacks and other cyberattacks, which have sharply increased. The nation has recently experienced a number of malware and extortion attacks, some of which targeted vital infrastructure. The Defence Ministry has made repeated attempts in the past to switch from Windows to an Indian operating system.

How will the new OS help?

The OS Maya is a critically developed OS and is expected to cater to the needs of all cybersecurity and safety issues of contemporary threats and vulnerabilities.

The following aspects need to be kept in mind in regard to safety and security issues:

• Better and improved security and safety
• Reduced chances of cyberattacks
• Promotion of Inidegenous talent and innovation
• Global standard OS
• Preventing and precautionary measures
• Safety by Design for overall resilience
• Improved Inter forces coordination
• Upskilling and capacity building for Serving personnel

Conclusion

Finally, the emergence of cyberspace as the fifth dimension of warfare has compelled countries all over the world to adopt a proactive stance, and India’s Ministry of Defence has made a significant move in this area. The significance of strengthened cybersecurity measures has been highlighted by the rising frequency and level of complexity of cyberattacks against key assets and vital infrastructure. The Ministry’s choice to use the local Maya operating system is a key step in protecting the country’s cyber-ecosystem. Maya’s debut represents a fundamental shift in the cybersecurity approach as well as a technology transition. This change not only improves the security and protection of confidential data but also demonstrates India’s dedication to supporting innovation and developing homegrown talent. Government development organisations have shown their commitment to solving the changing difficulties of the digital age by producing cutting-edge operating systems like Maya in a relatively short amount of time.

Introduction

Criminal justice in India is majorly governed by three laws which are – Indian Penal Code, Criminal Procedure Code and Indian Evidence Act. The centre, on 11th August 2023’ Friday, proposes a new bill in parliament Friday, which is replacing the country’s major criminal laws, i.e. Indian Penal Code, Criminal Procedure Code and Indian Evidence Act.

The following three bills are being proposed to replace major criminal laws in the country:

• The Bharatiya Nyaya Sanhita Bill, 2023 to replace Indian Penal Code 1860.
• The Bharatiya Nagrik Suraksha Sanhita Bill, 2023, to replace The Code Of Criminal Procedure, 1973.
• The Bharatiya Sakshya Bill, 2023, to replace The Indian Evidence Act 1872.

Cyber law-oriented view of the new shift in criminal lawNotable changes:Bharatiya Nyaya Sanhita Bill, 2023  Indian Penal Code 1860.

‍

‍Way ahead for digitalisation

‍The new laws aim to enhance the utilisation of digital services in court systems, it facilitates online registration of FIR, Online filing of the charge sheet,  serving summons in electronic mode, trial and proceedings in electronic mode etc.  The new bills also allow the virtual appearance of witnesses, accused, experts, and victims in some instances. This shift will lead to the adoption of technology in courts and all courts to be computerised in the upcoming time.

‍Enhanced recognition of electronic records

‍With the change in lifestyle in terms of the digital sphere, significance is given to recognising electronic records as equal to paper records.

‍Conclusion

‍The criminal laws of the country play a significant role in establishing law & order and providing justice. The criminal laws of India were the old laws existing under British rule. There have been several amendments to criminal laws to deal with the growing crimes and new aspects. However, there was a need for well-established criminal laws which are in accordance with the present era. The step of the legislature by centralising all criminal laws in their new form and introducing three bills is a good approach which will ultimately strengthen the criminal justice system in India, and it will also facilitate the use of technology in the court system.

Introduction

Recently the Indian Government banned the import of Laptops and tablets in India under the computers of HSN 8471. According to the notification of the government, Directorate General of foreign trade, there will be restrictions on the import of Laptops, tablets, and other electronic items from 1^st November 2023. The government advised the Domestic companies to apply for the license within three months. As the process is simple, and many local companies have already applied for the license. The government will require a valid license for the import of laptops and other electronic items.

The Government imposed restrictions on the Import of Laptops & other electronic products

The DGFT (The directorate General of foreign trade) imposed restrictions on the import of electronic items in India. And, there has been the final date has also been given that the companies only have 3 months to apply for a valid license, from November 1^st 2023there will be a requirement for a valid license for the import, and there will be a proper ban on the import of laptops & tablets, and other electronic items. The ban is on the HSN-8471. These are the products that indicate that they are taxable. It is a classification code to identify the taxable items. India has sufficient capacity and capability to manufacture their own IT hardware devices and boost production.

The government has notified production linked incentive, PLI Scheme 2.0, for the IT devices, which will soon be disclosed, and the scheme is expected to lead to a total of 29 thousand crore rupees worth of IT hardware nearly. And this will create future job opportunities in the five to six years.

The pros & cons of the import

Banning import has two sides. The positive one is that, it will promote the domestic manufacturers, local companies will able to grow, and there will be job opportunities, but if we talk about the negative side of the import, then the prices will be high for the consumers. One aspect is making India’s digital infrastructure stable, and the other side is affecting consumers.

Reasons Behind the ban on the Import of electronic items

There are the following reasons behind the ban on the Import of laptops and tablets,

• The primary reason why the government banned the import of laptops and other electronic items is because of security concerns about the data. And to prevent data theft a step has been taken by the Government.
• The banning will help the domestic manufacturer to grow and will provide opportunities to the local companies in India.
• It will help in the creation of Job vacancies in the country.
• There will be a curb down of selling of Chinese products.

The government will promote the digital infrastructure of India by putting a ban on imports. Such as there are domestic companies like Reliance recently launched a laptop by the name of Jio Book, and there is a company that sells the cheapest tablet called Aakash, so the import ban will promote these types of electronic items of the local companies. This step will soon result in digital advancement in India.

Conclusion

The laptop, tablets, and other electronic products that have been banned in India will make a substantial move with the implications. The objective of the ban is to encourage domestic manufacturing and to secure the data, however, it will also affect the consumers which can not be ignored. The other future effects are yet to be seen. But the one scenario is clear, that the policy will significantly make a change in India’s Technology industry.

Introduction

Data protection has been a critical aspect of advocacy and governance all across the world. Data fuels our cyber-ecosystem and strengthens the era of emerging technologies. All industries and sectors are now dependent upon the data of the user. The governments across the world have been deliberating internally to address the issue and legality of Data protection and privacy. The Indian government has witnessed various draft bills and policies focusing on Data protection over the years, and the contemporary bill is the Digital Personal Data Protection Bill, 2023, which was tabled at the Lok Sabha (Lower House of Parliament) on 03 August for discussions and parliamentary assent.

What is DPDP, 2023?

The goal of the complete and comprehensive Digital Personal Data Protection Bill of 2023 is to establish a framework for the protection of personal data in India. The measure acknowledges the significance of protecting personal data and seeks to strike a balance between the necessity to process personal data for legitimate purposes and the right of individuals to do so. The bill establishes a number of crucial expressions and ideas associated with the protection of personal data, including “data fiduciary,” “data principal,” and “sensitive personal data.” It also emphasises the duties of data fiduciaries, including the need to establish suitable security measures to preserve personal data and the need to secure data principals’ consent before processing their personal information. The measure also creates the Data Protection Board of India, which would implement its requirements and guarantee data fiduciaries’ compliance. The board will have the authority to look into grievances, give directives, and impose sanctions for non-compliance.

Key Features of the Bill

The bill tabled at the parliament has the following key features:

• The 2023 bill imposes reasonable obligations on data fiduciaries and data processors to safeguard digital personal data.
• Under the 2023 bill, a new Data Protection Board is established, which will ensure compliance, remedies and penalties.
• Under the new bill, the Board has been entrusted with the power equivalent to a civil court, such as the power to take cognisance in response to personal data breaches, investigate complaints, imposing penalties. Additionally, the Board can issue directions to ensure compliance with the act.
• The 2023 bill also secures more rights of Individuals and establishes a balance between user protection and growing innovations.
• The bill creates a transparent and accountable data governance framework by giving more rights to individuals.
• There is an Incorporation of Business-friendly provisions by removing criminal penalties for non-compliance and facilitating international data transfers.
• The new 2023 bill balances out fundamental privacy rights and puts reasonable limitations on those rights.
• The new data protection board will carefully examine the instance of non-compliance by imposing penalties on non-compiler.
• The bill does not provide any express clarity in regards to compensation to be granted to the Data Principal in case of a Data Breach.
• Under 2023 Deemed consent is there in its new form as ‘Legitimate Users’ pertaining to the conditions in regard to Sovernity and Intergrity of India.
• There is an introduction of the negative list, which restricts cross-data transfer.

Additionally, the measure makes special provisions for the processing of children’s personal data and acknowledges the significance of protecting children’s privacy. Additionally, it highlights the rights of the data subjects, including their right to access their personal information, their right to have wrong information corrected, and their right to be forgotten.

Drive4CyberPeace

A campaign was undertaken by CyberPeace to gain a critical understanding of what people understand about Data privacy and protection in India. The 4-month long campaign led to a pan-India interaction with netizens from different areas and backgrounds. The thoughts and opinions of the netizens were understood and collated in the form of a whitepaper which was, in turn, presented to Parliamentarians and government officials. The whitepaper laid the foundation of the recommendations submitted to the Ministry of Electronics and Information Technology as part of the stakeholder consultation.

Conclusion

Overall, the Digital Personal Data Protection Bill of 2023 is an important step towards safeguarding Indian citizens’ privacy and personal data. It creates a regulatory agency to guarantee compliance and enforcement and offers a thorough framework for data protection. The law includes special measures for the protection of sensitive personal data and the personal data of children and acknowledges the significance of striking a balance between the right to privacy and the necessity of data processing.

Introduction

The appeal is to be heard by the TDSAT (telecommunication dispute settlement & appellate tribunal) regarding several changes under Digital personal data protection. The Changes should be a removal of the deemed consent, a change in appellate mechanism, No change in delegation legislation, and under data breach. And there are some following other changes in the bill, and the digital personal data protection bill 2023 will now provide a negative list of countries that cannot transfer the data.

New Version of the DPDP Bill

The Digital Personal Data Protection Bill has a new version. There are three major changes in the 2022 draft of the digital personal data protection bill. The changes are as follows:  The new version proposes changes that there shall be no deemed consent under the bill and that the personal data processing should be for limited uses only. By giving the deemed consent, there shall be consent for the processing of data for any purposes. That is why there shall be no deemed consent.

• In the interest of the sovereignty
• The integrity of India and the National Security
• For the issue of subsidies, benefits, services, certificates, licenses, permits, etc
• To comply with any judgment or order under the law
• To protect, assist, or provide service in a medical or health emergency, a disaster situation, or to maintain public order
• In relation to an employee and his/her rights

The 2023 version now includes an appeals mechanism

It states that the Board will have the authority to issue directives for data breach remediation or mitigation, investigate data breaches and complaints, and levy financial penalties. It would be authorised to submit complaints to alternative dispute resolution, accept voluntary undertakings from data fiduciaries, and advise the government to prohibit a data fiduciary’s website, app, or other online presence if the terms of the law were regularly violated. The Telecom Disputes Settlement and Appellate Tribunal will hear any appeals.

The other change is in delegated legislation, as one of the criticisms of the 2022 version bill was that it gave the government extensive rule-making powers. The committee also raised the same concern with the ministry. The committed wants that the provisions that cannot be fully defined within the scope of the bill can be addressed.

The other major change raised in the new version bill is regarding the data breach; there will be no compensation for the data breach. This raises a significant concern for the victims, If the victims suffer a data breach and he approaches the relevant court or authority, he will not be awarded compensation for the loss he has suffered due to the data breach.

Need of changes under DPDP

There is a need for changes in digital personal data protection as we talk about the deemed consent so simply speaking, by ‘deeming’ consent for subsequent uses, your data may be used for purposes other than what it has been provided for and, as there is no provision for to be informed of this through mandatory notice, there may never even come to know about it.‍

Conclusion

The bill requires changes to meet the need of evolving digital landscape in the digital personal data protection 2022 draft. The removal of deemed consent will ultimately protect the data of the data principal. And the data of the data principal will be used or processed only for the purpose for which the consent is given.  The change in the appellate mechanism is also crucial as it meets the requirements of addressing appeals. However, the no compensation for a data breach is derogatory to the interest of the victim who has suffered a data breach.

Introduction

We consume news from various sources such as news channels, social media platforms and the Internet etc. In the age of the Internet and social media, the concern of misinformation has become a common issue as there is widespread misinformation or fake news on the Internet and social media platforms.

Misinformation on social media platforms

The wide availability of user-provided content on online social media platforms facilitates the spread of misinformation. With the vast population on social media platforms, the information gets viral and spreads all over the internet. It has become a serious concern as such misinformation, including rumours, morphed images, unverified information, fake news, and planted stories, spread easily on the internet, leading to severe consequences such as public riots, lynching, communal tensions, misconception about facts, defamation etc.

Platform-centric measures to mitigate the spread of misinformation

• Google introduced the ‘About this result’ feature’. This allows the users to help with better understand the search results and websites at a glance.
• During the covid-19 pandemic, there were huge cases of misinformation being shared. Google, in April 2020, invested $6.5 million in funding to fact-checkers and non-profits fighting misinformation around the world, including a check on information related to coronavirus or on issues related to the treatment, prevention, and transmission of Covid-19.
• YouTube also have its Medical Misinformation Policy which prevents the spread of information or content which is in contravention of the World Health Organization (WHO) or local health authorities.
• At the time of the Covid-19 pandemic, major social media platforms such as Facebook and Instagram have started showing awareness pop-ups which connected people to information directly from the WHO and regional authorities.
• WhatsApp has a limit on the number of times a WhatsApp message can be forwarded to prevent the spread of fake news. And also shows on top of the message that it is forwarded many times. WhatsApp has also partnered with fact-checking organisations to make sure to have access to accurate information.
• On Instagram as well, when content has been rated as false or partly false, Instagram either removes it or reduces its distribution by reducing its visibility in Feeds.

Fight Against Misinformation

Misinformation is rampant all across the world, and the same needs to be addressed at the earliest. Multiple developed nations have synergised with tech bases companies to address this issue, and with the increasing penetration of social media and the internet, this remains a global issue. Big tech companies such as Meta and Google have undertaken various initiatives globally to address this issue. Google has taken up the initiative to address this issue in India and, in collaboration with Civil Society Organisations, multiple avenues for mass-scale awareness and upskilling campaigns have been piloted to make an impact on the ground.

How to prevent the spread of misinformation?

Conclusion

In the digital media space, there is a widespread of misinformative content and information. Platforms like Google and other social media platforms have taken proactive steps to prevent the spread of misinformation. Users should also act responsibly while sharing any information. Hence creating a safe digital environment for everyone.

Introduction

The US national cybersecurity strategy was released at the beginning of March this year. The aim of the cybersecurity strategy is to build a more defensive and resilient digital mechanism through general investments in the cybersecurity infrastructure. It is important to invest in a resilient future, And the increasing digital diplomacy and private-sector partnerships, regulation of crucial industries, and holding software companies accountable if their products enable hackers in.

What is the cybersecurity strategy  

The US National cybersecurity strategy is the plan which organisations pursue to fight against cyberattacks and cyber threats, and also they plan a risk assessment plan for the future in a resilient way. Through the cybersecurity strategy, there will be appropriate defences against cyber threats.

US National Cybersecurity Strategy-

the national cybersecurity strategy mainly depends on five pillars-

1. Critical infrastructure- The national cybersecurity strategy intends to defend important infrastructure from cyberattacks, for example, hospitals and clean energy installations. This pillar mainly focuses on the security and resilience of critical systems and services that are critical.
2. Disrupt & Threat Assessment- This strategy pillar seeks to address and eliminate cyber attackers who endanger national security and public safety.
3. Shape the market forces in resilient and security has driven-
4. Invest in resilient future approaches.
5. Forging international partnerships to pursue shared goals.

Need for a National cybersecurity strategy in India –

India is becoming more reliant on technology for day-to-day purposes, communication and banking aspects. And as per the computer emergency response team (CERT-In), in 2022, ransomware attacks increased by 50% in India. Cybercrimes against individuals are also rapidly on the rise. To build a safe cyberspace, India also required a national cybersecurity strategy in the country to develop trust and confidence in IT systems.

Learnings for India-

India has a cybersecurity strategy just now but India can also implement its cybersecurity strategy as the US just released. For the threats assessments and for more resilient future outcomes, there is a need to eliminate cybercrimes and cyber threats in India.

Shortcomings of the US National Cybersecurity Strategy-

• The implementation of the United States National Cybersecurity Strategy has Some problems and things that could be improved in it. Here are some as follows:

• Significant difficulties: The cybersecurity strategy proved to be difficult for government entities. The provided guidelines do not fulfil the complexity and growing cyber threats.
• Insufficient to resolve desirable points: the implementation is not able to resolve some, of the aspects of national cybersecurity strategies, for example, the defined goals and resource allocation, which have been determined to be addressed by the national cybersecurity strategy and implementation plan.
• Lack of Specifying the Objectives: the guidelines shall track the cybersecurity progress, and the implementation shall define the specific objectives.
• Implementation Alone is insufficient: cyber-attacks and cybercrimes are increasing daily, and to meet this danger, the US cybersecurity strategy shall not depend on the implementation. However, the legislation will help to involve public-private collaboration, and technological advancement is required.
• The strategy calls for critical infrastructure owners and software companies to meet minimum security standards and be held liable for flaws in their products, but the implementation and enforcement of these standards and liability measures must be clearly defined.

Conclusion

There is a legitimate need for a national cybersecurity strategy to fight against the future consequences of the cyber pandemic. To plan proper strategies and defences. It is crucial to avail techniques under the cybersecurity strategy. And India is increasingly depending on technology, and cybercrimes are also increasing among individuals. Healthcare sectors and as well on educational sectors, so to resolve these complexities, there is a need for proper implementations.

Introduction

Lost your phone? How to track and block your lost or stolen phone? Fear not, Say hello to Sanchar Saathi, the newly launched portal by the government. The smartphone has become an essential part of our daily life, our lots of personal data are stored in our smartphones, and if a phone is lost or stolen, it can be a frustrating experience. With the government initiative launching Sanchar Saathi Portal, you can now track and block your lost or stolen smartphone. The Portal uses a central equipment identity register to help users block their lost phones. It helps you track your lost and stolen smartphone. So now, say hello to Sanchar Saathi, the newly launched portal by the government. Users should keep an FIR copy of their lost/stolen smartphone handy for using certain features of the portal. FIR copy is also required for tracking the phone on the website. This portal allows users to track lost/stolen smartphones, and they can block the device across all telecom networks.

Preventing Data Leakage and Mobile Phone Theft

When you lose your phone or your phone is stolen, you worry as your smartphone holds your various personal sensitive information such as your bank account information, UPI IDs, and social media accounts such as WhatsApp, which cause a serious concern of data leakage and misuse in such a situation. Sanchar saathi portal addresses this problem and serves as a platform for blocking data saved on a lost or stolen device. This feature protects the users against financial fraud, identity thrift, and data leakage by blocking access to your lost or stolen device and ensuring that unauthorised parties cannot access or abuse important information.

How the Sanchar Saathi Portal Works

To file a complaint regarding their lost or stolen smartphones the users are required to provide IMEI (International Mobile Equipment Identity) number. The official website of the portal is https://sancharsaathi.gov.in/ users can access the “Citizen Centric Services” option on the homepage. Then users may, by clicking on “Block Your Lost/Stolen Mobile”, can fill out the form. Users need to fill in details such as IMEI number, contact number, model number of the smartphone, mobile purchase invoice, and information such as the date, time, district, and state where the device was lost or stolen. Users must keep a copy of the FIR handy and fill in their personal information, such as their name, email address, and residence. After completing and selecting the ‘Complete tab’, the form will be submitted, and access to the lost/stolen smartphone will be blocked.

Enhancing Security with SIM Card Verification

Using this portal, users can access their associated sim card numbers and block any unauthorised use. In this way portal allows owners to take immediate action if their sim card is being used or misused by someone else. The Sanchar Saathi Portal allows you to check the status of active SIM cards registered under an individual’s name. And it is an extra security feature provided by the portal. This proactive strategy helps users to safeguard their personal information against possible abuse and identity theft.

Advantages of the Sanchar Saathi Portal

The Sanchar Saathi platform offers various benefits for reducing mobile phone theft and protecting personal data.  The portal offers a simplified and user-friendly platform for making complaints. The online complaint tracking function keeps consumers informed of the status of their complaints, increasing transparency and accountability.

The portal allows users to block access to personal data on lost/stolen smartphones which reduces the chances or potential risk of data leakage.

The portal SIM card verification feature acts as an extra layer of security, enabling users to monitor any unauthorised use of their personal information. This proactive approach empowers users to take immediate action if they detect any suspicious activity, preventing further damage to their personal data.

Conclusion

Our smartphones store large amounts of sensitive information and Data, so it becomes crucial to protect our smartphones from any unauthorised access, especially in case when the smartphone is lost or stolen. The Sanchar Saathi portal is a commendable step by the government by offering a comprehensive solution to combat mobile phone theft and protect personal data, the portal contributes to a safer digital environment for smartphone users.

The portal provides the option of blocking access to your lost/stolen device and also checking the SIM card verification. These features of the portal empower users to take control of their data security. In this way, the portal contributes to preventing mobile phone theft and data leakage.

Introduction

The advancement of technology has brought about remarkable changes in the aviation industry, including the introduction of inflight internet access systems. While these systems provide passengers with connectivity during their flights, they also introduce potential vulnerabilities that can compromise the security of aircraft systems.

Inflight Internet Access Systems

Inflight internet access systems have become integral to the modern air travel experience, allowing passengers to stay connected even at 30,000 feet. However, these systems can also be attractive targets for hackers, raising concerns about the safety and security of aircraft operations.

The Vulnerabilities of Inflight Internet Access Systems:

Securing Networked Avionics

Avionics, the electronic systems that support aircraft operation, play a crucial role in flight safety and navigation. While networked avionics are designed with robust security measures, they are not invulnerable to cyber threats. Therefore, it is essential to implement comprehensive security measures to protect these critical systems.

1. Ensuring Robust Architecture: Networked avionics should be designed with a strong focus on security. Implementing secure network architectures, such as segmentation and isolation, can minimise the risk of unauthorised access and limit the potential impact of a breach.
2. Rigorous Security Testing: Avionics systems should undergo rigorous security testing to identify vulnerabilities and weaknesses. Regular assessments, penetration testing, and vulnerability scanning are essential to proactively address any security flaws.
3. Collaborative Industry Efforts: Collaboration between manufacturers, airlines, regulatory bodies, and security researchers is crucial in strengthening the security of networked avionics. Sharing information, best practices, and lessons learned can help identify and address emerging threats effectively.
4. Continuous Monitoring and Updtes: Networked avionics should be continuously monitored for any potential security breaches. Prompt updates and patches should be applied to address newly discovered vulnerabilities and protect against known attack vectors.

Best practices to be adopted for the security of  Aircraft Systems

1. Holistic Security Approach: Recognizing the interconnectedness of inflight internet access systems and networked avionics is essential. A holistic security approach should be adopted to address vulnerabilities in both systems and protect the overall aircraft infrastructure.
2. Comprehensive Security Measures: The security of inflight internet access systems should be on par with any other internet-connected device. Strong authentication, encryption, intrusion detection, and prevention systems should be implemented to mitigate risks and ensure the integrity of data transmissions.
3. Responsible Practices and Industry Collaboration: Encouraging responsible practices and fostering collaboration between security researchers and industry stakeholders can accelerate the identification and remediation of vulnerabilities. Open communication channels and a cooperative mindset are vital in addressing emerging threats effectively.
4. Robust Access Controls: Strong access controls, such as multi-factor authentication and role-based access, should be implemented to limit unauthorised access to avionics systems. Only authorised personnel should have the necessary privileges to interact with these critical systems.

Conclusion

Inflight internet access systems bring convenience and connectivity to air travel but also introduce potential risks to the security of aircraft systems. It is crucial to understand and address the vulnerabilities associated with these systems to protect networked avionics and ensure passenger safety. By implementing robust security measures, conducting regular assessments, fostering collaboration, and adopting a comprehensive approach to aircraft cybersecurity, the aviation industry can mitigate the risks and navigate the sky with enhanced safety and confidence. Inflight internet access systems and networked avionics are vital components of modern aircraft, providing connectivity and supporting critical flight operations. Balancing connectivity and cybersecurity is crucial to ensure the safety and integrity of aircraft systems.

Introduction

A message has recently circulated on WhatsApp alleging that voice and video chats made through the app will be recorded, and devices will be linked to the Ministry of Electronics and Information Technology’s system from now on. WhatsApp from now, record the chat activities and forward the details to the Government. The Anti-Government News has been shared on social media.

Message claims

• The fake WhatsApp message claims that an 11-point new communication guideline has been established and that voice and video calls will be recorded and saved. It goes on to say that WhatsApp devices will be linked to the Ministry’s system and that Facebook, Twitter, Instagram, and all other social media platforms will be monitored in the future.
• The fake WhatsApp message further advises individuals not to transmit ‘any nasty post or video against the government or the Prime Minister regarding politics or the current situation’. The bogus message goes on to say that it is a “crime” to write or transmit a negative message on any political or religious subject and that doing so could result in “arrest without a warrant.”
• The false message claims that any message in a WhatsApp group with three blue ticks indicates that the message has been noted by the government. It also notifies Group members that if a message has 1 Blue tick and 2 Red ticks, the government is checking their information, and if a member has 3 Red ticks, the government has begun procedures against the user, and they will receive a court summons shortly.

WhatsApp does not record voice and video calls

There has been news which is spreading that WhatsApp records voice calls and video calls of the users. the news is spread through a message that has been recently shared on social media. As per the Government, the news is fake, that WhatsApp cannot record voice and video calls. Only third-party apps can record voice and video calls. Usually, users use third-party Apps to record voice and video calls.

Third-party apps used for recording voice and video calls

• App Call recorder
• Call recorder- Cube ACR
• Video Call Screen recorder for WhatsApp FB
• AZ Screen Recorder
• Video Call Recorder for WhatsApp

Case Study

In 2022 there was a fake message spreading on social media, suggesting that the government might monitor WhatsApp talks and act against users. According to this fake message, a new WhatsApp policy has been released, and it claims that from now on, every message that is regarded as suspicious will have three 3 Blue ticks, indicating that the government has taken note of that message. And the same fake news is spreading nowadays.

WhatsApp Privacy policies against recording voice and video chats

The WhatsApp privacy policies say that voice calls, video calls, and even chats cannot be recorded through WhatsApp because of end-to-end encryption settings. End-to-end encryption ensures that the communication between two people will be kept private and safe.

WhatsApp Brand New Features

• Chat lock feature: WhatsApp Chat Lock allows you to store chats in a folder that can only be viewed using your device’s password or biometrics such as a fingerprint. When you lock a chat, the details of the conversation are automatically hidden in notifications. The motive of WhatsApp behind the cha lock feature is to discover new methods to keep your messages private and safe. The feature allows the protection of most private conversations with an extra degree of security
• Edit chats feature: WhatsApp can now edit your WhatsApp messages up to 15 minutes after they have been sent. With this feature, the users can make the correction in the chat or can add some extra points, users want to add.

Conclusion

The spread of misinformation and fake news is a significant problem in the age of the internet. It can have serious consequences for individuals, communities, and even nations. The news is fake as per the government, as neither WhatsApp nor the government could have access to WhatsApp chats, voice, and video calls on WhatsApp because of end-to-end encryption. End-to-end encryption ensures to protect of the communications of the users. The government previous year blocked 60 social media platforms because of the spreading of Anti India News. There is a fact check unit which identifies misleading and false online content.

Introduction

Microsoft has unveiled its ambitious roadmap for developing a quantum supercomputer with AI features, acknowledging the transformative power of quantum computing in solving complex societal challenges. Quantum computing has the potential to revolutionise AI by enhancing its capabilities and enabling breakthroughs in different fields. Microsoft’s groundbreaking announcement of its plans to develop a quantum supercomputer, its potential applications, and the implications for the future of artificial intelligence (AI). However, there is a need for regulation in the realms of quantum computing and AI and significant policies and considerations associated with these transformative technologies. This technological advancement will help in the successful development and deployment of quantum computing, along with the potential benefits and challenges associated with its implementation.

What isQuantum computing?

Quantum computing is an emerging field of computer science and technology that utilises principles from quantum mechanics to perform complex calculations and solve certain types of problems more efficiently than classical computers. While classical computers store and process information using bits, quantum computers use quantum bits or qubits.

‍Interconnected Future  

Quantum computing promises to significantly expand AI’s capabilities beyond its current limitations. Integrating these two technologies could lead to profound advancements in various sectors, including healthcare, finance, and cybersecurity. Quantum computing and artificial intelligence (AI) are two rapidly evolving fields that have the potential to revolutionise technology and reshape various industries. This section explores the interdependence of quantum computing and AI, highlighting how integrating these two technologies could lead to profound advancements across sectors such as healthcare, finance, and cybersecurity.

1. Enhancing AI Capabilities:

Quantum computing holds the promise of significantly expanding the capabilities of AI systems. Traditional computers, based on classical physics and binary logic, need help solving complex problems due to the exponential growth of computational requirements. Quantum computing, on the other hand, leverages the principles of quantum mechanics to perform computations on quantum bits or qubits, which can exist in multiple states simultaneously. This inherent parallelism and superposition property of qubits could potentially accelerate AI algorithms and enable more efficient processing of vast amounts of data.

1. Solving Complex Problems:

The integration of quantum computing and AI has the potential to tackle complex problems that are currently beyond the reach of classical computing methods. Quantum machine learning algorithms, for example, could leverage quantum superposition and entanglement to analyse and classify large datasets more effectively. This could have significant applications in healthcare, where AI-powered quantum systems could aid in drug discovery, disease diagnosis, and personalised medicine by processing vast amounts of genomic and clinical data.

1. Advancements in Finance and Optimisation:

The financial sector can benefit significantly from integrating quantum computing and AI. Quantum algorithms can be employed to optimise portfolios, improve risk analysis models, and enhance trading strategies. By harnessing the power of quantum machine learning, financial institutions can make more accurate predictions and informed decisions, leading to increased efficiency and reduced risks.

1. Strengthening Cybersecurity:

Quantum computing can also play a pivotal role in bolstering cybersecurity defences. Quantum techniques can be employed to develop new cryptographic protocols that are resistant to quantum attacks. In conjunction with quantum computing, AI can further enhance cybersecurity by analysing massive amounts of network traffic and identifying potential vulnerabilities or anomalies in real time, enabling proactive threat mitigation.

1. Quantum-Inspired AI:

Beyond the direct integration of quantum computing and AI, quantum-inspired algorithms are also being explored. These algorithms, designed to run on classical computers, draw inspiration from quantum principles and can improve performance in specific AI tasks. Quantum-inspired optimisation algorithms, for instance, can help solve complex optimisation problems more efficiently, enabling better resource allocation, supply chain management, and scheduling in various industries.

How Quantum Computing and AI Should be Regulated-

As quantum computing and artificial intelligence (AI) continues to advance, questions arise regarding the need for regulations to govern these technologies. There is debate surrounding the regulation of quantum computing and AI, considering the potential risks, ethical implications, and the balance between innovation and societal protection.

1. Assessing Potential Risks: Quantum computing and AI bring unprecedented capabilities that can significantly impact various aspects of society. However, they also pose potential risks, such as unintended consequences, privacy breaches, and algorithmic biases. Regulation can help identify and mitigate these risks, ensuring these technologies’ responsible development and deployment.
2. Ethical Implications: AI and quantum computing raise ethical concerns related to privacy, bias, accountability, and the impact on human autonomy. For AI, issues such as algorithmic fairness, transparency, and decision-making accountability must be addressed. Quantum computing, with its potential to break current encryption methods, requires regulatory measures to protect sensitive information. Ethical guidelines and regulations can provide a framework to address these concerns and promote responsible innovation.
3. Balancing Innovation and Regulation: Regulating quantum computing and AI involves balancing fostering innovation and protecting society’s interests. Excessive regulation could stifle technological advancements, hinder research, and impede economic growth. On the other hand, a lack of regulation may lead to the proliferation of unsafe or unethical applications. A thoughtful and adaptive regulatory approach is necessary, considering the dynamic nature of these technologies and allowing for iterative improvements based on evolving understanding and risks.
4. International Collaboration: Given the global nature of quantum computing and AI, international collaboration in regulation is essential. Harmonising regulatory frameworks can avoid fragmented approaches, ensure consistency, and facilitate ethical and responsible practices across borders. Collaborative efforts can also address data privacy, security, and cross-border data flow challenges, enabling a more unified and cooperative approach towards regulation.
5. Regulatory Strategies: Regulatory strategies for quantum computing and AI should adopt a multidisciplinary approach involving stakeholders from academia, industry, policymakers, and the public. Key considerations include:

1. Risk-based Approach: Regulations should focus on high-risk applications while allowing low-risk experimentation and development space.
2. Transparency and Explainability: AI systems should be transparent and explainable to enable accountability and address concerns about bias, discrimination, and decision-making processes.
3. Privacy Protection: Regulations should safeguard individual privacy rights, especially in quantum computing, where current encryption methods may be vulnerable.
4. Testing and Certification: Establishing standards for the testing and certification of AI systems can ensure their reliability, safety, and adherence to ethical principles.
5. Continuous Monitoring and Adaptation: Regulatory frameworks should be dynamic, regularly reviewed, and adapted to keep pace with the evolving landscape of quantum computing and AI.

Conclusion:

‍Integrating quantum computing and AI holds immense potential for advancing technology across diverse domains. Quantum computing can enhance the capabilities of AI systems, enabling the solution of complex problems, accelerating data processing, and revolutionising industries such as healthcare, finance, and cybersecurity. As research and development in these fields progress, collaborative efforts among researchers, industry experts, and policymakers will be crucial in harnessing the synergies between quantum computing and AI to drive innovation and shape a transformative future.The regulation of quantum computing and AI is a complex and ongoing discussion. Striking the right balance between fostering innovation, protecting societal interests, and addressing ethical concerns is crucial. A collaborative, multidisciplinary approach to regulation, considering international cooperation, risk assessment, transparency, privacy protection, and continuous monitoring, is necessary to ensure these transformative technologies' responsible development and deployment.

Introduction

With the increasing frequency and severity of cyber-attacks on critical sectors, the government of India has formulated the National Cyber Security Reference Framework (NCRF) 2023, aimed to address cybersecurity concerns in India. In today’s digital age, the security of critical sectors is paramount due to the ever-evolving landscape of cyber threats. Cybersecurity measures are crucial for protecting essential sectors such as banking, energy, healthcare, telecommunications, transportation, strategic enterprises, and government enterprises. This is an essential step towards safeguarding these critical sectors and preparing for the challenges they face in the face of cyber threats. Protecting critical sectors from cyber threats is an urgent priority that requires the development of robust cybersecurity practices and the implementation of effective measures to mitigate risks.

Overview of the National Cyber Security Policy 2013

The National Cyber Security Policy of 2013 was the first attempt to address cybersecurity concerns in India. However, it had several drawbacks that limited its effectiveness in mitigating cyber risks in the contemporary digital age. The policy’s outdated guidelines, insufficient prevention and response measures, and lack of legal implications hindered its ability to protect critical sectors adequately. Moreover, the policy should have kept up with the rapidly evolving cyber threat landscape and emerging technologies, leaving organisations vulnerable to new cyber-attacks. The 2013 policy failed to address the evolving nature of cyber threats, leaving organisations needing updated guidelines to combat new and sophisticated attacks.

As a result, an updated and more comprehensive policy, the National Cyber Security Reference Framework 2023, was necessary to address emerging challenges and provide strategic guidance for protecting critical sectors against cyber threats.

Highlights of NCRF 2023

Strategic Guidance: NCRF 2023 has been developed to provide organisations with strategic guidance to address their cybersecurity concerns in a structured manner.

Common but Differentiated Responsibility (CBDR): The policy is based on a CBDR approach, recognising that different organisations have varying levels of cybersecurity needs and responsibilities.

Update of National Cyber Security Policy 2013: NCRF supersedes the National Cyber Security Policy 2013, which was due for an update to align with the evolving cyber threat landscape and emerging challenges.

Different from CERT-In Directives: NCRF is distinct from the directives issued by the Indian Computer Emergency Response Team (CERT-In) published in April 2023. It provides a comprehensive framework rather than specific directives for reporting cyber incidents.

Combination of robust strategies: National Cyber Security Reference Framework 2023 will provide strategic guidance, a revised structure, and a proactive approach to cybersecurity, enabling organisations to tackle the growing cyberattacks in India better and safeguard critical sectors. Rising incidents of malware attacks on critical sectors

In recent years, there has been a significant increase in malware attacks targeting critical sectors. These sectors, including banking, energy, healthcare, telecommunications, transportation, strategic enterprises, and government enterprises, play a crucial role in the functioning of economies and the well-being of societies. The escalating incidents of malware attacks on these sectors have raised concerns about the security and resilience of critical infrastructure.

Banking: The banking sector handles sensitive financial data and is a prime target for cybercriminals due to the potential for financial fraud and theft.

Energy: The energy sector, including power grids and oil companies, is critical for the functioning of economies, and disruptions can have severe consequences for national security and public safety.

Healthcare: The healthcare sector holds valuable patient data, and cyber-attacks can compromise patient privacy and disrupt healthcare services. Malware attacks on healthcare organisations can result in the theft of patient records, ransomware incidents that cripple healthcare operations, and compromise medical devices.

Telecommunications: Telecommunications infrastructure is vital for reliable communication, and attacks targeting this sector can lead to communication disruptions and compromise the privacy of transmitted data. The interconnectedness of telecommunications networks globally presents opportunities for cybercriminals to launch large-scale attacks, such as Distributed Denial-of-Service (DDoS) attacks.

Transportation: Malware attacks on transportation systems can lead to service disruptions, compromise control systems, and pose safety risks.

Strategic Enterprises: Strategic enterprises, including defence, aerospace, intelligence agencies, and other sectors vital to national security, face sophisticated malware attacks with potentially severe consequences. Cyber adversaries target these enterprises to gain unauthorised access to classified information, compromise critical infrastructure, or sabotage national security operations.

Government Enterprises: Government organisations hold a vast amount of sensitive data and provide essential services to citizens, making them targets for data breaches and attacks that can disrupt critical services.

Conclusion  

The sectors of banking, energy, healthcare, telecommunications, transportation, strategic enterprises, and government enterprises face unique vulnerabilities and challenges in the face of cyber-attacks. By recognising the significance of safeguarding these sectors, we can emphasise the need for proactive cybersecurity measures and collaborative efforts between public and private entities. Strengthening regulatory frameworks, sharing threat intelligence, and adopting best practices are essential to ensure our critical infrastructure’s resilience and security. Through these concerted efforts, we can create a safer digital environment for these sectors, protecting vital services and preserving the integrity of our economy and society. The rising incidents of malware attacks on critical sectors emphasise the urgent need for updated cybersecurity policy, enhanced cybersecurity measures, a collaboration between public and private entities, and the development of proactive defence strategies. National Cyber Security Reference Framework 2023 will help in addressing the evolving cyber threat landscape, protect critical sectors, fill the gaps in sector-specific best practices, promote collaboration, establish a regulatory framework, and address the challenges posed by emerging technologies. By providing strategic guidance, this framework will enhance organisations’ cybersecurity posture and ensure the protection of critical infrastructure in an increasingly digitised world.