|
Listen to this story
|
Since 2004, October has been recognised as Cyber Awareness month to raise awareness about cyber security. Dr Gaurav Gupta, the first Indian to earn a doctorate in the field of digital forensics, is on a mission to create awareness about technological fraud in society.
He was bestowed with the Young Scientist Award of the Indian Science Congress in 2010 by the Man of Science himself—Dr A.P.J. Abdul Kalam. Besides serving as an additional director with the Ministry of Electronics and Information Technology (MeitY), Government of India, Dr Gupta is also a published writer. Last year, he authored a book on cybersecurity called, ‘Cyber Unsafe’.
AIM: Can you tell us about your journey towards becoming the first Indian to earn a doctorate in the field of digital forensics?
Gaurav: Way back in 2001, when I completed my masters, most of my friends were interested in joining the IT sector because of the dotcom boom. However, I wanted to do something else, and I got an opportunity to work for the Central Forensic Science Laboratory at Hyderabad, where I went and set up their first cyber crime investigation and digital forensic lab.
While I was helping them set up the digital forensic lab, I found out there were a lot of problems which could arise because of the use of the technology, which at that point in time, was very nascent. It was an era where we were using the internet through dial-up connections.
At that time, I could see we were going to be increasingly dependent on technology as we moved forward; hence, frauds were also going to increase. So, I started investigating some of the technological frauds which were happening at that point in time and that interested me. I saw a couple of problems and developed world-class solutions, which were published in international journals in the US. The cybercrime summit in Atlanta invited me as a keynote speaker in 2005. So, during that time, I realised that this is a very important area and applied for my doctoral degree at Jadavpur University, Calcutta, in 2003.
AIM: What are your views on the cybersecurity space in India? Do the law enforcement agencies in India possess the right kind of skillset or tools to deal with cyber fraud?
Gaurav: We have seen since time immemorial that crimes happen, and once people start misusing something, laws and regulations come in place to deal with the misuse. It’s the same in terms of technology. As we started relying more and more on technology, people started to misuse it.
Once such a misuse starts, the law takes shape, and law enforcement agencies and various other stakeholders have to pitch in and develop their skills. The same is happening in our country also. Today, from a rickshaw puller to a sabjiwala, everybody’s using smartphones and are logging into the internet. So, cybercrimes are bound to happen.
In line with that, the Government of India has many programmes where they train law enforcement agencies and help them acquire the right set of skills. In addition, a lot of new tools, technologies, and training programmes have been rolled out.
So, what happens is skills are built over a period of time. Our law enforcement agencies do possess the skills and the tools but the country is so large, it is impossible to have 100% capability developed in advance. It is always a cat-and-mouse situation where law enforcement agencies always have to catch up with new solutions and technologies, but I think many steps are being taken in the right direction.
We have the cybercrime.gov.in portal where you can register your cybercrime-related complaints without going to the police station. We have the ‘1930’ number where you can report financial fraud so that instantly the money can be stopped in its tracks before it can be taken out by criminals in the form of cash. So, the government of India has taken a lot of interesting and innovative steps to curb cybercrime.
Besides, the IT Act has a provision of Section 79 (A), where we notify forensic labs as examiners of electronic evidence. So far, we have 12, and there are many in the pipeline. This means the quality and processes and their competence have been tested, and once everything is found suitable and up to the mark, they have been notified as examiners.
AIM: Tell us a bit about your book ‘Cyber Unsafe’ and what your motivation was behind writing it.
Gaurav: In 2001, I got a call from a friend of mine that cybercriminals had cheated him. And on the same day, one of my neighbours told me that a relative of his had been conned by a similar technique by cybercriminals.
This made me realise there are always red flags for cybercrimes, but most people are unaware and do not know how to identify these red flags. Soon, I decided to write down my experiences in the form of a book to help raise awareness towards cybercrimes. This is how ‘Cyber Unsafe’ was born.
I have presented my experiences in the form of short stories, which are very non-technical, which means they are easy to read for audiences from 10-year-olds to 70-year-olds. To sum it up, the book tells you how you avoid cyber fraud and how you can make it difficult for cybercriminals to commit fraud.
AIM: Do we have the right laws and policies in place to better protect organisations and citizens alike from cybercrimes?
Gaurav: India was one of the early adopters of cyber laws. The Information Technology (IT) Act was passed by the parliament and was notified in 2000. This was when we were still using dial-up connections, and cyber crimes were relatively less.
In 2008, we amended the IT Act. So, we have the provisions in the IT Act to stop almost all kinds of crimes, and from time to time, the government of India keeps reviewing them to address the changing technological scenario.
So, I believe we have adequate laws in place. Also, what we lack probably is the kind of awareness which has to be there with the citizens of India. In that context also, the government is running a lot of campaigns and funding is being provided to create awareness among the masses in terms of cyber security and safety measures.
The GoI has advised banks and also the RBI to run awareness campaigns for financial fraud. We have the information security education and awareness programme run by the GoI, where we disseminate information and conduct workshops and online webinars. We carry out a lot of innovative awareness programmes through information security, education and awareness.
Besides, educational bodies like UGC along with various government agencies are running campaigns where they’re training their people in-house, by webinars or by calling experts, or through quizzes, to teach them about the dos and don’ts of cybersecurity and safety.
AIM: Tell us a bit about the different initiatives in the area of cyber security done by various stakeholders.
Gaurav: GoI has asked all the departments to hire Chief Security Officers (CSOs). It also comes out with a lot of advisories through CERT-In to raise cybersecurity awareness. So, once you have the structure in place, you are better equipped to handle and tackle these cyber frauds which are going to happen. And, that’s where we see good results. We are able to respond to these situations on time and in a manner that is both efficient and effective.
The GoI also launched a programme called the cybersecurity ‘Grand Challenge’, where they invited startups to submit their ideas to solve cybersecurity problems, and we gave seed money of INR 5 to 10 lakhs in the initial stages, and the winners got INR 1 crore 60 lakhs in prize money. We had more than 100 submissions, and 12+ ideas were shortlisted initially and finally, the top three ideas were awarded prize money.
The government is investing in making people aware, enhancing the capabilities of cyber cells, modernising the police and so on. There are a large number of initiatives, and it’s really difficult to pinpoint all of them. I think most of the ministry’s websites contain details of the initiatives which they are undertaking, and they keep on publishing about other new ones on their websites.
