Protection Against Harm to National Security: The Silent Battlefield of Cyber, Economic, and Biological Threats
Dr Banusri VelpandianSenior Law Specialist Salil Kumar TripathyCo–author, Legal Consultant Introduction: A New Era of Threats National security has evolved in recent times due to significant transformations in the concepts of state sovereignty, power dynamics, and economic development. New threats extend beyond traditional notions of national security, which were primarily focused on territorial integrity and military aggression. Today, national security encompasses a broader range of issues, including cybersecurity, economic security, food security, energy security, and environmental security. In response to these challenges, several European nations including Germany, France, Poland, Italy, and the UK, are increasing their defense spending.2 This investment aims to enhance comprehensive and collaborative projects that bolster military readiness to counter both visible and less imminent but equally dangerous threats that could jeopardize national security. There must be a diverse array of mitigation strategies adopted to address modern-day risks, which can include cyber and digital threats, information and psychological threats, economic threats, and biological threats. This article will address the present and probable future of India’s legal framework in the given domain along with selected global best practices. The Invisible Frontline: Defending Against Digital Warfare Cyber threats have become increasingly prominent with the rise of technology. Cyber criminals can operate from remote locations while targeting critical infrastructure that holds sensitive information. These attacks can pose significant concerns, especially when they have agendas aimed at disrupting peace and causing societal upheaval. Cyber-crimes can also involve extortion for financial gain through ransomware attacks3. These malicious programs are designed to completely block access to a system and encrypt sensitive data, which can be detrimental to state operations and the functioning of various agencies. India ranks as one of the leading countries affected by ransomware, currently holding the 9th position globally. A notable incident involved Fullerton India Credit Ltd., a non-banking financial company, which was attacked by LockBit 3.0, resulting in the breach of 600GB of sensitive data.4 The situation becomes even more serious when these cyber-attacks are used as a weapon by enemy countries. They can disrupt critical systems and damage essential infrastructure, resulting in significant material losses and potentially causing loss of life for the nation as a whole. Hence, this can be referred as cyberwarfare5. Cyber warfare can serve as a tool for espionage, enabling the unethical monitoring and theft of data from other countries. This often involves phishing attacks to infiltrate systems and gain access to sensitive information.6 If cybersecurity measures and safeguards are inadequate, breaches of classified information can jeopardize government schemes and initiatives, potentially harming the country by manipulating vital data. Such sabotage can disrupt essential services like electricity supply, as cybercriminals may target power grids, disabling critical systems and interfering with infrastructure and communication services. With the rise of AI systems, cyber attackers now manipulate public opinion on a large scale. The risk is particularly pronounced in defense, as AI is increasingly used in autonomous drones and missiles where attacks executed without human intervention can lead to extensive damage to infrastructure and disrupt machinery in undetectable ways without thorough investigation7. Advanced nations formulate strategies that emphasize the importance of safeguarding emerging technologies, addressing not only cyber security issues but also regulating them while promoting democracy and freedom. Accordingly, in India, where risk mitigation is centralized, there ought to be specialized mechanisms for cyber security and prioritizing national interests. The ongoing institutional exercises may enhance cyber preparedness and evaluating appropriate responses in the event of a cyber incident but substantial high-end infra requirements are to be met to meet the ends of effective countering of all threats with robust strategies. Furthermore, the mix of strategies should also include stakeholder engagement, to proactively identify and neutralize any cyber threats that could damage national infrastructure and critical networks. The comparative legal frameworks in the domain are placed below for ready reference; Country Legal Framework Key Provisions Relevance to Cyber Warfare India Information Technology Act 2000 (Amended 2008) Sec 66F: Cyber terrorism (life imprisonment); Sec 70: Protected systems; Sec 69: Interception powers Cyber terrorism, critical infrastructure National Cyber Security Strategy 2020 21 focus areas including CII protection, supply chain security, advanced tech integration National cyber strategy coordination United States Cybersecurity Information Sharing Act (CISA) 2015 6 USC S.1502-1505: Threat info sharing, monitoring authorization, liability protections Public-private threat intelligence sharing Federal Information Security Modernization Act (FISMA) 2014 44 USC S.3551: Federal cybersecurity programs, incident reporting, DHS oversight Federal agency cybersecurity compliance Computer Fraud and Abuse Act (CFAA) 1986 18 USC S.1030: Unauthorized access, damage to protected computers (up to 20 years) Computer crime prosecution National Defense Authorization Act (NDAA) – Annual Annual cyber provisions: AI security centers, spyware protection, supply chain security Military cyber operations, defense United Kingdom Computer Misuse Act 1990 (Amended 2015) Sec 3ZA: Serious damage offenses (life imprisonment); Sec 1-3: Unauthorized access/modification Computer misuse, infrastructure attacks Investigatory Powers Act 2016 Parts 1-9: Interception warrants, equipment interference, bulk data collection Intelligence surveillance powers National Cyber Security Strategy 2022 3 pillars: Strengthen ecosystem, deter actors, develop capabilities; National Cyber Force National cyber force, offensive ops Australia Cybercrime Act 2001 Div 477: Serious computer offenses (life imprisonment); Div 478: Other computer offenses Commonwealth computer crimes Security of Critical Infrastructure Act (SOCI) 2018 Parts 2-6A: 11 critical sectors, risk management, government intervention powers Critical infrastructure protection Cyber Security Act 2024 Ransomware reporting, IoT security standards, National Cyber Security Coordinator Ransomware response, IoT security Privacy Act 1988 – Data Breach Notification Mandatory breach notification for eligible data breaches Data breach incident response To maintain national security and mitigate threats, India has developed significant defense systems, enhanced supply chain security and infrastructure, and invested in research and development to improve data management systems and is establishing robust defense mechanisms. To bolster resilience against advanced cyber threats, India can adopt best practices from countries like the U.S., U.K., and Australia for establishing formal public-private threat intelligence sharing, sector-specific regulatory approach for Critical Information Infrastructure (CII), mandatory incident reporting for ransomware and IoT security standards. The Weaponizaxtion of Words: Countering Disinformation and Radicalization The…