The Union home ministry has decided to train more than 37,000 police and law enforcement officers in the country in ways to identify and investigate a range of cyber attacks, including the widely known “Nigerian Prince” scam to the more obscure “salami slicing” attacks.
The decision comes months after ransomware attacks wreaked havoc across the world, including in India where businessmen are believed to have paid hundreds of dollars to retrieve crucial records locked by suspected hackers.
It is “imperative for the law enforcement agencies to have an in-depth understanding of the working of the cyber domain and the modus operandi of crimes committed therein,” the ministry of home affairs (MHA) wrote in an advisory issued to state governments earlier this month.
“This understanding cannot be limited to a few specialist investigative officers but is a must for all police officers, especially those who are first responders to victims of crime and recording them”.
Cyber crimes are usually investigated by designated cells, which are often few and far in between in smaller towns and districts. The training will likely focus on the many lesser known web-based crimes, an MHA official said on condition of anonymity.
A salami attack, for instance, involves a stealing data or funds from a victim in small volumes so that detection is harder. Other types include identity theft, distributed denial of service (DDoS) and keylogger-based attacks.
The official quoted above said the training would cover 60 types of cyber crimes and the programme was launched in view of the rising threats that people now face from “computer oriented criminals and syndicates”.
“Internet-based crimes are some of the most challenging aspects of law enforcement and we are making a number of efforts to combat known and lesser known cyber crimes in India,” the official said.
Experts, however, say a three-day training session for may not be enough
The idea behind introducing training sessions is a welcome step provided cops work in close collaboration with domain experts in a “sanitised eco-system”, said Subimal Bhattacharjee, a cyber policy adviser and a member of the Research Advisory Network of Global Commission on Internet Governance.
“The first thing to be taken into consideration while imparting such training to police and law officers is whether you have necessary infrastructure to meet the needs. A select group of officers will receive the training so the next important step is to establish a proper yard stick through which the officers will be chosen. The most important is however need of a sustainable plan under which officers and specialists work together in close collaboration,” Bhattacharjee said.
Another home ministry official, who also requested not to be named, said the government is planning to hire experts directly from the “market” or from the National Informatics Centre Services Inc (NICSI).
The official said MHA is likely to open tenders for cyber security firms that will work in close cooperation with senior security officers with a wide experience in security policies, network security and security audits.