Proactive digital policing key to stopping cyber crimes

CERT-In recently reported that in India, one cyber crime gets reported every 10 minutes. Since January to June this year, there have been as many as 27,842 reported cases of cyber crime. Clearly, modern day crime has much more digital content than in the past. For law enforcement agencies to be able to tackle this menace, it is not only important that they react to any such crime but also try and proactively prevent them for happening.  

Difficult as it may sound, this is not an impossible proposition. One parameter which makes internet-based crimes easy to track is the traceability of digital evidence. However, in order to trace the origins of and also proactively prevent such digital crimes, it is important that law enforcement agencies are adequately equipped in this regard.

The entire internet traffic in India or in a state enters only through known sea cable networks or Internet service providers. It is required that the traffic coming and going out is monitored both in real time as well as offline. Guidelines for operation of Internet Service providers (ISP) require ISPs to make a provision for monitoring internet traffic in real time. They are also required to maintain logs for offline monitoring.  

While this monitoring and analysis at the ISP level helps detect and prevent crimes which either follow a pattern or a keyword, protection of critical infrastructure requires active monitoring and prevention of intrusions at the door step of these organisations. This is achievable by analysing and blocking suspicious traffic as it enters or leaves the gateways of organisations which fall under the category of national critical infrastructure.

As per the provisions of section 70 A of the IT Act 2000, there is a National Critical Information Infrastructure Protection Centre (NCIIPC). This centre is tasked to facilitate protection of Critical Information. However, there is a need to move beyond policy definitions. A unified protection programme among all such organisations is required. Disparate security implementations in terms of technology and tools make the job of protection difficult. On top of this, attempts to police their own networks using self-developed approaches is far from perfect.

Policing of such networks and digital crimes has to be left with law enforcement agencies in order to bring cohesion in the approach towards handling this growing menace. Law enforcement agencies today need an internet monitoring, detection and prevention centre. This centre should be able to monitor traffic at each ISP in the state in real time through monitoring connections provided by the ISPs and also analyses logs based on keywords. Similarly, this centre should have a connection to all gateways of nationally critical infrastructure. All traffic entering and leaving these organisations needs to be monitored by this centre. This will help detect digital crimes as they happen rather than waiting for reports to be lodged at cyber police stations and then starting the process after the crime has already been done.

Major stock exchanges and banks have set up their local monitoring centres. These centres help in taking proactive measures to stop any attempted intrusions but are of no use if a certain incident has to be investigated. Though being alert and informed is good, when it comes to investigations, it surely has to be left to investigative agencies.

With a centralised monitoring system, where law enforcement agencies proactively look into internet traffic in real time, detection, prevention and investigation of these crimes will become a lot easier and efficient. Modern day policing has to move from doing checkpoint duties for traffic on the roads, to performing real time checks on internet traffic. The increasing figure of digital crimes can only be curbed by enhanced digital policing in the future.  

The author is an IPS officer, currently ADG in Maharashtra, and is a Certified Information System Security Professional (CISSP)