Need for centralized repository for cybercrime: ASSOCHAM-EY study

There is a need to establish a centralized repository for cybersecurity standards, best practices and guidelines, which can be used by law enforcement agency for preventing and investigating cybercrime, noted the conducted by The Associated Chambers of Commerce and Industry of India (ASSOCHAM) jointly with EY.

A dedicated national governing unit may be established in India, which will be the central agency for all state government cybercrime agencies to coordinate, integrate and share information related to cybercrime. Such a central agency will be responsible for driving all the cybercrime prevention initiatives, such as collaboration with private sectors, and training and awareness across the country.

The Government should provide well defined citizen awareness programs aimed at preventing cybercrime as a proactive mitigation. This has to be achieved through multiple media, such as print, radio and web to ensure faster and maximum reachability with local and national languages. Cybercrime awareness shall be introduced in academics in the early stages of education as a mandate for all the state and central, and public and private schools, adds the study.

Releasing the joint study, D S Rawat, Secretary General ASSOCHAM said, Mechanisms shall be established for independent monitoring of awareness program at regular intervals to evaluate the number of people/regions covered. Awareness material shall be updated regularly to cover up-to-date information.

In order to increase the rate of reporting cybercrime, it is important to have provisions for online reporting of the crime. Using this system, an online cybercrime complaint can be made by the victims of cybercrime. They will gain access to a convenient and easy-to-use reporting mechanism that alerts law enforcement authorities of suspected criminal or civil violations. Also, it will provide a central repository for reference to law enforcement and regulatory agencies at the national, state and local level.

A centralized database of cybercriminals should be maintained so that the criminals released from jails may be monitored. Such checks will discourage cybercriminals from engaging in spurious activities in cyberspace. Many countries, such as the USA and Australia have maintained a central repository of cybercriminals, noted the joint study.

It will be beneficial to have collaborations with International Cyber Security Protection Alliance, such as the Australian Cyber Security Centre (ACSC), National Crime Agency’s National Cyber Crime Unit (NCCU) and the UK’s CEOP. This will help in not only adopting the best practices by other countries for prevention of cybercrime, but also in increasing the capability, knowledge, training, skills, capacity and expertise of cyber security task forces. Additionally, it will help to reduce the harm caused to businesses, customers and citizens due to international cyberattacks.

India should be actively engaged as part of the international cybercrime associations centered on Asia/Europe and America to seek help and contribute for international cybercrime issues, said RAwat.

Skilled law enforcement personnel are the need of the hour, considering the highly technical and advanced nature of cybercrime being reported. To gear up to speed in containing and preventing cybercrime, there is a need to engage more cybercrime investigation professionals such personnel may be deployed at state level with access to dedicated laboratories for analysis at each state. Such teams also need to be part of the police team investigating cybercrimes. There should be a special recruitment for personnel to man cyber cells at every police station.

There is a need to increase the number of cybercrime cells and laboratories in the states and provide requisite manpower, training and infrastructure to them. Initiatives to setup the cybercrime cells and laboratories in states where these do not exist, and also upgrade and strengthen the existing cybercrime cells is required to cope up with the rapid cybercrimes.

In addition to the existing mechanisms, a strategy needs to be documented, which states the vision, objective and approach for cybercrime prevention in India. A definite cybercrime prevention program may originate as a specific recommendation of such a document.

The strategy and execution of cybersecurity needs to be developed with clear vision for addressing challenges related with cybercrime in the short term and mid-term with possible review mechanism to a long-term approach in this domain. The global practices from mature law enforcement organizations, such as the Federal Bureau of Investigation (FBI) and Interpol need to be leveraged and adopted as per their feasibility as part of the Indian cybercrime strategy.

Cybercrime, it is imperative that efforts and resources are dedicated to operationalize a nation’s cybersecurity strategy. If such initiatives are driven from the highest level of the government, it ensures that all stakeholders are interested and engaged in contributing to the success of any initiatives or programs. Such commitment, though it is an important enabler, is not sufficient to guarantee the success of any initiative or program. Monitoring and review mechanisms are essential to analyze and assess progress as well as consider measures for re-calibration and course correction as may be required.

It is important to define milestones and operationalize the strategy as per the desired impact of initiatives, which are being undertaken. A sample road map basis impact of initiatives is presented below. While several initiatives may commence in parallel, the graph presents a view of their impact on the overall ecosystem for combating cybercrime.

Spread awareness on cybercrime prevention since the cybercriminals are constantly inventing new ways to attack and are in search of potential victims. In fact, some of the most recent attacks on critical infrastructure of a few countries were perpetuated and successfully executed due to the low awareness level of most users, through phishing and social engineering methods.