Cyber Security, CERT-In & RTI Act

timer
1 min read

What’s in Today’s Article?

  • Why in the News?
  • What is Cybersecurity?
  • Cases of Cyber-attacks in India
  • About Indian Computer Emergency Response Team (CERT-In)
  • News Summary
  • About Right to Information Act, 2005
  • Who is Covered under the RTI?

Why in the News?

  • The Central government has exempted the Indian Computer Emergency Response Team (CERT-In) from the purview of the Right to Information Act, 2005.

What is Cybersecurity?

  • Computer security, Cybersecurity or Information Technology Security is the protection of computer systems and networks from cyber-attacks that cause information disclosure, theft of or damage to their hardware, software, or electronic data.

Cases of Cyber-attacks in India

  • As per the government data presented in the Parliament, nearly 1.16 million cases of cyber-attacks in India were reported in 2020, marking an average of 3,137 cyber security issues reported every day of the year.
  • The Internet Crime Report by the FBI revealed that India is ranked third in the world among the top 20 countries being victimized by cyber-crimes.
  • At present, India does not have any dedicated cyber security law.

About Indian Computer Emergency Response Team (CERT-In)

  • CERT-In has been operational since 2004.
  • It is an office within the Ministry of Electronics and Information Technology.
  • It is the nodal agency to deal with cyber security threats like hacking and phishing. It strengthens security-related defence of the Indian Internet domain.
  • In the Information Technology Amendment Act, 2008, CERT-In has been designated to serve as the national nodal agency to perform various functions in the area of cyber security
  • It performs following functions in the area of cyber security:
    • Collection, analysis and dissemination of information on cyber incidents
    • Forecast and alerts of cyber security incidents
    • Emergency measures for handling cyber security incidents
    • Coordination of cyber incident response activities
    • Issue guidelines, advisories relating to information security practices, procedures, prevention, etc.

News Summary

  • The Department of Personnel and Training (DoPT) has issued a notification stating that Central government has exempted the Indian Computer Emergency Response Team (CERT-In) from the purview of the Right to Information Act, 2005.
  • The CERT-In comes under the Ministry of Electronics and Information Technology.
  • In March 2023, Minister of State for Electronics and Information Technology Rajeev Chandrasekhar had informed Rajya Sabha that the “procedure of inter-departmental consultation” was on to discuss exemption of the CERT-In from the RTI Act.
    • The RTI law empowers the Central government to amend the Second Schedule by including therein any other intelligence or security organisation established by it or omitting therefrom any organisation already specified therein.
  • The CERT-In now joins the list of 26 other intelligence and security organisations, which are already exempted from the purview of the Act.

About Right to Information Act, 2005

  • Right To Information is derived from the fundamental right of freedom of speech and expression under Article 19 of the Constitution.
    • If we do not have information on how our Government and Public Institutions function, we cannot express any informed opinion on it.
  • The basic object of the Right to Information Act is to empower the citizens, promote transparency and accountability in the working of the Government.
  • The Act and its rules define a format for –
    • requisitioning information,
    • a time period within which information must be provided,
    • a method of giving the information,
    • charges for applying and
    • exemptions of information which will not be given.
  • Key Provisions of the RTI Act include –
    • Sec. 4of the Act imposes an obligation on public authorities to maintain its records duly catalogued and indexed in a manner and form which facilitates the right to information under the Act.
    • Sec. 6of the Act entitles a person desirous of obtaining any information under the Act, to make a request in writing to the Central or State Public Information Officer specifying the particulars of the information sought by him.
    • Sec. 7of the Act requires the Public Information Officer to either provide the information or reject the request for any of the reasons specified in Secs. 8 and 9 within 30 days of receipt of the request.
    • Under Sec.19, if a person does not receive a decision within 30 days or is aggrieved by a decision of the Public Information Officer, he may prefer an appeal to an Officer who is senior in rank to the Public Information Officer in that Public Authority.
    • Exemptions under the Act – the information sought must not be related to defence, national security, or personal details.
  • Before the advent of the RTI act, the disclosure of information in India was restricted by the Official Secrets Act and some other special laws. The RTI Act relaxed many such laws in the country.

Who is Covered under the RTI?

  • The RTI Act, 2005 extends to the whole of India.
  • All bodies, which are constituted under the Constitution or under any law or under any Government notification or all bodies, including NGOs, which are owned, controlled or substantially financed by the Government are covered.
  • All private bodies, which are owned, controlled or substantially financed by the Government are directly covered.

Q1) In terms of cyberattacks, what is the difference between Phishing & Spoofing? 

Spoofing is a technique used to disguise the sender's identity, while phishing is a method used to trick the recipient into divulging personal information or performing an action.

Q2) What is Malware in Computers?

Malware, short for malicious software, refers to any intrusive software developed by cybercriminals (often called hackers) to steal data and damage or destroy computers and computer systems. Examples of common malware include viruses, worms, Trojan viruses, spyware, adware, and ransomware.


Source: Govt takes apex cyber security agency out of public’s right to know | CERT-In