Research Paper
Intellectual Property and Copyrights
Need for Cyber Space Laws in the 21st Century Semester VIII
Submitted to:
Sir Imran Wajid
Submitted by:
Syed Junaid Ali Shah
Roll No.
047-BSCS-2013
Section:
B
Syed Junaid Ali
047-BSCS-2013
Section-B
What is Cyberspace?
Cyberspace deals with the interconnections between different machines (computers, smartphones, etc.) thorough a well defined network system without the regard of geographic areas. Abstract:
As everybody everywhere in the world intentionally or unintentionally have to contact with the internet through some social websites, shopping online or for some business activities, commencing, etc. As cyberspace deals with the telecommunications and all activities under this banner so it is too dangerous for everybody to ignore the subject of cyberspace crimes and other vulnerable activities over internet. Cyberspace is now becoming top most priority of government agencies and high profile companies to make sure that their data is secured and far away from unauthorized access. For this reason they monthly used to spend millions of Dollars on cyber security. Types of Threats:
Some of the most serious and important challenges of 21st century are to recognize and identify the threats under the banner of Cyberspace. Threats evolves form all kinds of sources and create a huge damages to individuals, companies, governments agencies, etc. These threats are significantly effects on: 1. Public safety 2. Nationwide security 3. Support the globally linked international communities. Cybersecurity Policy
The cybersecurity policy is a developing mission that gratify to the entire field of Information and Communication Technology (ICT) users and providers. It includes 1. Home users, 2. Small, medium, and large Enterprises 3. Government and non-government entities
It serves as a legal framework that defines and guides the activities concerned with the security of cyberspace. It enforces all organizations and government agencies to dev elop policies to secure all networking activities Cyberspace laws deals with: 1. 2. 3. 4.
Cyber Crimes, Electronic and Digital signals, Intellectual Property, Data protection and privacy
Syed Junaid Ali
047-BSCS-2013
Section-B
Risks
As our massive data is open and easily available to the attackers we people on daily basis used to upload our pictures and videos over social media they are easily accessible to hackers and our mails and Gdrive or other dropbox such storage places are even hackable. So we can say any data places over internet is not safe. There are large number of Cyber crimes. Some of them are: 1. 2. 3. 4. 5. 6. 7. 8. 9.
Botnets Distributed denial-of-service (DDoS) Hacking Malware Phishing Ransomware Spamming Spoofing Spyware
10. Trojan Horses 11. Viruses 12. Wi-Fi Eavesdropping 13. Online Dating Scams 14. Social Networking Scams 15. Scam Directory 16. child pornography 17. Prostitution 18. white collar crimes
IT Law:
A law made by international community to regulate the networking activities. Salient features of IT Act, 2000 1. It is objective of I.T. Act 2000 to give legal recognition to any transaction which is done by electronic way or use of internet. 2. To give legal recognition to digital signature for accepting any agreement via computer. 3. To provide facility of filing document online relating to school admission or registration in employment exchange. 4. According to IT Act 2000, any company can store their data in electronic storage. 5. To stop computer crime and protect privacy of internet users. 6. To give legal recognition for keeping books of accounts by bankers and other companies in electronic form. 7. To make more power to IPO, RBI and Indian Evidence act for restricting electronic crime. Need of Cyber Law:
The modern thief can steal more with a computer than with a gun, advanced terrorist are able to create more damage with keyboard than with a bomb. Cyber Law become the most important issue for security agencies nowadays. Cyberspace laws play a vital role because: 1. Internet has change the way we think, the way we do commerce and the way we perceive ourselves. 2. IT has effects all walks of life all over the world. 3. Cyberspace has given a new way to explain criminal tendencies. 4. The role of real world cannot implement upon virtual world. 5. Like every fields of life the networking also demands rules and regulations. 6. Cyberspace is open to participation by all. 7. IT has brought transition from paper to paperless environment
Syed Junaid Ali
047-BSCS-2013
Section-B
Cyber Crimes differ from most terrestrial crimes in four ways: 1. They are easy to learn how to commit. 2. They require few resources relative to the potential damage caused. 3. They can be committed in a jurisdiction without being physically present in it. 4. They are often not clearly illegal. Cyberspace laws deals with: 1. 2. 3. 4.
Cyber crimes, Electronic and Digital signals, Intellectual Property, Data protection and privacy
CYBER SECURITY:
Privacy and security of the data is always a major security measures that any organization and individual has to focus on. We are living in a society where all the information is kept in a digital or a cyber form. Social networking sites, where users feel safe and free to posts videos and pictures to remain in contact with friends and family. Home users must refrain from this and also make their bank transactions confidential, so that no one can easily get access to it and use it as he wills. This is the basic form of cyber security. On corporate and government level the contracts and transactions also kept confidential. Cyber Warfare:
Cyber warfare contains nation-states using information technology to invade another nation’s networks to cause disruption. These attacks are done b y the hackers working or not working under government agencies. Cyberattack against U.S. interests to date, hacking took place on large scale 30,000 Saudi Arabia-based ARAMCO personal computers erased all data from their hard drives. In the 2008 South Ossetia war, Russia’s initial attacks on Georgian soil were done by a synchronized cyber attack that paralyzed Georgian government websites. Cyber Espionage
Cyber espionage is to obtain secret information without permission from its owners or holders using information technology. Cyber espionage is most usually used to gain military, economic, political, or strategic advantage. It is done with the help of cracking techniques and malware. The Office of the National Counter Intellegence Executive US released a report in 2011 officially recognizing the logical threat of cyber espionage and its potential to damage the United States’ strategic economic advantage. Role of Cyber Law:
Cyberspace law helps to tackle the malicious and vulnerable activities through networking, many countries have also analyzed their respective domestic criminal laws so as to minimize computer related crimes. As the terrestrial law cannot implement over the virtual or network created environment so cyberspace laws plays it vital role to meet the challenges over networking
Syed Junaid Ali
047-BSCS-2013
Section-B
telecommunication computing activities to reduced the danger of computing threats and computer related crimes. Web pages like e-commerce sites recently hit by widespread, distributed denial of service attacks may not be control by old physical laws. Some of the major discipline where cyber law actively performing its roles: 1. 2. 3. 4. 5.
Cyber Laws defines the norms and disciplines of computer related activities. Cyber Laws facilitate in giving the right to enter into legally enforceable digital contracts. Cyber Laws facilitate to keep the Cyber properties. Cyber Laws facilitates in managing online business. Cyber Laws facilitates in providing legal reorganization for Electronic documents and Digital signature.
Cybersecurity Education & Career Development:
Developed countries like USA, UK, China, Japan, etc undertook rapid steps to give awareness about Cyberspace to their young professionals. These countries organizes seminars and initiate undergraduate and graduate programs to produce skillful Cyberspace engineers and professionals to perform leading roles in government and corporate level to manage their data and secure unauthorized access to their important data. Nowadays, the most attractive jo bs in government and corporate level are for Cyber Engineers. Role of Government in Cyber Security:
For government, cybersecur ity isn’t only a challenge, it’s a big obstacle to long awaited digital transformation. Cyber crimes become top most agenda for both government and companies. Approximately £26 billion UK and $1 trillion US government spends on Cyber security in 2015. Last year is believed to be the most damaging cyberattack against U.S. interests to date, hacking took place on large scale 30,000 Saudi Arabia-based ARAMCO personal computers erased all data from their hard drives. Sword of Justice, a militant Islamic group, took credit despite the analysts of U.S. Defense Department believes that the government of Iran provided support. Cybersecurity policy begins with the understanding to what extend government can do to prevent cyber crimes or cyber attacks. Government has to do collaborative and effective works in following three key areas to develop a sound response to cyber threat: 1. Most of the critical national infrastructure are in the private hands, this indicates to make National cyber security strategies effective the involvement of private sector is necessary. The government must make a comfortable environment where private sector can easily and confidentially discuss security strategies and problems with government. 2. Universities and education sectors play an important role in identifying and developing skillful people who can make strategies and build a strong defense system. Government has to make sound link with universities, educational and research sectors to fill the vacancies for cybersecurity engineers to make organizations and government agencies more secure and produce more skillful engineers. 3. Cyber security is an international problem, yet it has taken ten years for the first few countries to sign up to the Budapest Convention. New international agreements are requires to better cope up with significant and expensive problem.
Syed Junaid Ali
047-BSCS-2013
Section-B
Governments must also understand that many of those carrying out hacking attacks are young, talented and alienated from wider society. Their skills should be recognized and can bringing up as part of a national response to cyber crime. Cyber Security for Organizations:
For an organization to ensure cyber security following procedures has to follow: 1. Network security 2. Application security 3. Endpoint security 4. Data security 5. Identity management 6. Database and infrastructure security 7. Cloud security 8. Mobile security 9. Disaster recovery/business continuity planning 10. End-user education
Networking Security is to secure the domain or internet protocols use by the organization. Application security to ensure that the application available for the end users would not hackable. Data and database security, the data available to end user must be free form unauthorized modifications. Identity management, only authorized people can get ac cess and modify data. Cloud security, the storage places where companies’ data reside should be secured. End user education, user trainings must took place periodically. Following 11 steps must be carried out by organizations to get protection against cyber extortion: 1. Know your data, 2. Create file back-ups, data back-ups and back-up bandwidth capabilities, 3. Train employees to recognize spear phishing, 4. Do background checks on employees, 5. Limit administrative capabilities for systems and social footprint, 6. Ensure systems have appropriate firewall and antivirus technology, 7. Have data breach prevention tools, including intrusion detection, 8. Update security software patches in a timely manner, 9. Include DDoS security capabilities, 10. Put a plan in place to manage a data breach 11. Protect your business with insurance coverage designed to address cyber risks.
One of the major cause of unpleasant attacks is Lack of Training : With the advancement in technology and security procedures periodic training is necessary. Organizations should take company staff as well IT staff for training purpose because both training topics may differ. IT staff requires more in-depth training regarding IT system and administration.
Syed Junaid Ali
047-BSCS-2013
Section-B
Advantages of Trainings are:
Avoid Potential risks:
IT training are more beneficial to avoid potential training. Employees get to know how to use softwares and technologies to prevent form data breach and hacking thus potential risks going to reduce
Build a Secure Environment:
Periodic training and knowledge about reduction of data breach and actions to perform when such unpleasant incident occurs create a secure environment to handle any kind of security threats.
Support of Senior Management Level:
If all employee chain from manager to lowest one, working through an advance software(like SharePoint) after training the rapid response of seniors and all actions done by juniors are kept monitors then the chances of data breach is going to reduce.
