The use of Internet has been a boon to crime syndicates, radicals and terrorists. Al Qaeda used it for the 9/11 attack through coded messages for recruitment, planning, funding and execution. Today the ISIS and other terrorist organisations have been using cyberspace similarly. Cyber crime has gone up exponentially. Frost & Sullivan Global Cyber Security Market Assessment, 2014, says cybercrime has a global cost greater than that of trafficking in marijuana, heroin and cocaine with an estimated one cybercrime victim in every three Internet users.

Cyber warfare and cybercrime are a growing threat, now more than ever. The consumer shift towards the interconnectivity of personal computers, tablets and mobile phones is creating new opportunities for criminals to access critical personal data, in addition to increasing number of devices connected to the Internet. In their assessment, the global cyber security market is expected to grow at a compound annual growth rate of 11.8 per cent from $71 billion in 2013 to $155 billion in 2020. Critical national assets, organisational and physical structures and facilities too require enormous effort and expenditure.

Last year, the discovery of the ISIS twitter account operator ‘Mehdi’ alias ‘Shami Witness’, ex Bengaluru, jolted India. He was recruiting volunteers for ISIS past several years, abetted ISIS in its agenda to wage war against Asiatic powers and had posted the video of US aid worker Peter Kassig’s beheading several times on his account. Twitter India when questioned said they would not comment on individual accounts, for privacy and security reasons and only review reported accounts against their rules, which prohibit direct, specific threats of violence against others. Post the Mehdi episode, a former NSA went on record to say that some 100 Indians were engaged in Mehdi type of activities on the Internet. Other social media too is being used for such purpose. Possibly that the false news of rapes and photos posted on social media during 2013 of homes attacked and burnt that forced the exodus of north-east youth working in Bengaluru and Delhi was handiwork of radicals. Similarly, the WhatsApp message purportedly by a young officer post the terrorist attack on an army camp in Uri during 2014 too could have been by radicals aimed at creating dissension in the army’ rank and file.

The National Investigation Agency (NIA) had reported earlier that the Indian Mujahideen (IM) cadres have been using proxy servers and complex code to chat: setting up e-mail accounts that disappear if they not accessed in 24 hours, proxy servers to camouflage geographical location, encrypted files and complicated code language; use of US-based Yahoo Inc, Paltalk Inc, Sophidea Inc and Hurricane Electric, plus providers in Nepal, Canada and Ireland; IP address of Nimbuzz chat traced to Pakistan Telecom Company Ltd and others traced to France, Germany, Netherlands, Nepal and India.

Additionally, Riaz Bhatkal and his close aides are known to run a high-tech command centre in Karachi to communicate with terror cells in India and Nepal, and possibly even Maldives, Sri Lanka and Bangladesh. In 2012, the Al Qaeda ‘electronic jihad’ against the US through a video message, calling for cyber attacks against US Government networks and critical infrastructure including the electric grid. US intelligence officials assessed Al Qaeda could even ‘purchase’ such capabilities to do so from expert criminal hackers; engineering devastating attack on the electric grid, water delivery systems and financial networks. This led to calls for new legislation to protect critical networks necessary to protect national and economic security, urging the Senate to act on the bipartisan Cyber Security Act that requires minimum security performance requirements for key critical infrastructure cyber networks. We have the IT Act that has been amended many times and announcement of various task forces on cyber security have been made from time to time.

Some progress has also been made in terms of public-private partnership. Total security against cyber attacks is misnomer but we can mitigate such threats to a large extent by establishing a robust mechanism to govern the use of IT in the country, centralised structure for proactive defence of information assets, effective cyber forensic analysis and regulatory risk evaluation enabled through legislation and across the board cyber-security awareness and training, all of which cannot be ignored in interest of national security.