iOS Lockdown Mode Feature: The Cyber Bouncer for Your iPhone!

Introduction

The Central Electricity Authority (CEA) has released the Draft Central Electricity Authority (Cyber Security in Power Sector) Regulations, 2024, inviting ‘comments’ from stakeholders, including the general public, which are to be submitted by 10 September 2024. The new regulation is intended to make India’s power sector more cyber-resilient and responsive to counter emerging cyber threats and safeguard the nation's power infrastructure.

Key Highlights of the CEA’s New (Cyber Security in Power Sector) Regulations, 2024

• Central Electricity Authority has framed the ‘Cyber Security in Power Sector Regulations, 2024’ in the exercise of the powers conferred by sub-section (1) of 177 of the Electricity Act, 2003 in order to make regulations for measures relating to Cyber Security in the power sector.
• The scope of the regulation entails that these regulations will be applicable to all Responsible Entities, Regional Power Committees, Appropriate Commission, Appropriate Government and Associated Power Sector Government Organizations, and Training Institutes recognized by the Authority, Authority and Vendors.
• One key aspect of the proposed regulation is the establishment of a dedicated Computer Security Incident Response Team (CSIRT) for the power sector. This team will coordinate a unified cyber defense strategy throughout the sector, establishing security frameworks, and serving as the main agency for handling incident response and recovery. The CSIRT will also be responsible for creating/developing Standard Operating Procedures (SOPs), security policies, and best practices for incident response activities in consultation with CERT-In and NCIIPC. The detailed roles and responsibilities of CSIRT are outlined under Chapter 2 of the said regulations.
• All responsible entities in the power sector as mentioned under the scope of the regulation, are mandated to appoint a Chief Information Security Officer (CISO) and an alternate CISO, who need to be Indian nationals and who are senior management employees. The regulations specify that these officers must directly report to the  CEO/Head of the Responsible Entity. Thus emphasizing the critical nature of CISO’s roles in safeguarding the nation’s power grid sector assets.
• All Responsible Entities shall establish an Information Security Division (ISD) dedicated to ensuring Cyber Security, headed by the CISO and remain operational around the clock. The schedule under regulation entails that the minimum workforce required for setting up an ISD is 04 (Four) officers including CISO and 04 officers/officials for shift operations. Sufficient workforce and infrastructure support shall be ensured for ISD. The detailed functions and responsibilities of ISD are outlined under Chapter 5 regulation 10. Furthermore, the ISD shall be manned by sufficient numbers of officers, having valid certificates of successful completion of domain-specific Cyber Security courses.
• The regulation obliged the entities to have a defined, documented and maintained Cyber Security Policy which is approved by the Board or Head of the entity. The regulation also obliged the entities to have a Cyber Crisis Management Plan (CCMP) approved by the higher management.
• As regards upskilling and empowerment the regulation advocates for organising or conducting periodic Cyber Security awareness programs and Cyber Security exercises including mock drills and tabletop exercises.

CyberPeace Policy Outlook

CyberPeace Policy & Advocacy Vertical has submitted its detailed recommendations on the proposed ‘Cyber Security in Power Sector Regulations, 2024’ to the Central Electricity Authority, Government of India. We have advised on various aspects within the regulation including harmonisation of these regulations with other rules as issued by CERT-In and NCIIPC, at present. As this needs to be clarified which set of guidelines will supersede in case of any discrepancy that may arise. Additionally, we advised on incorporating or making modifications to specific provisions under the regulation for a more robust framework. We have also emphasized legal mandates and penalties for non-compliance with cybersecurity, so as to make sure that these regulations do not only act as guiding principles but also provide stringent measures in case of non-compliance.

References: 

1. https://cea.nic.in/wp-content/uploads/notification/2024/08/Draft_CEA_Cyber_Security_in_Power_Sectyor_Regulations_2024_English_Version.pdf

‍

Introduction

Targeting airlines and airports, airline hoax threats are fabricated alarms which intend to disrupt normal day-to-day activities and create panic among the public. Security of public settings is of utmost importance, making them a vulnerable target. The consequences of such threats include the financial loss incurred by parties concerned, increased security protocols to be followed immediately after and in preparation, flight delays and diversions, emergency landings and passenger inconvenience and emotional distress. The motivation behind such threats is malicious intent of varying degrees, breaching national security, integrity and safety. However, apart from the government, airline and social media authorities which already have certain measures in place to tackle such issues, the public, through responsible consumption and verified sharing has an equal role in preventing the spread of misinformation and panic regarding the same.

Hoax Airline Threats

The recent spate of bomb hoax threats to Indian airlines has witnessed false reports about threats to (over) 500 flights since 14/10/2024, the majority being traced to posts on social media handles which are either anonymous or unverified. Some recent incidents include a hoax threat on Air India's flights from Delhi to Mumbai via Indore which was posted on X, 30/10/2024 and a flight from Nepal (Kathmandu) to Delhi on November 2nd, 2024.

As per reports by the Indian Express, steps are being taken to address such incidents by tweaking the assessment criteria for threats (regarding bombs) and authorities such as the Bomb Threat Assessment Committees (BTAC) are being selective in categorising them as specific and non-specific. Some other consideration factors include whether a VIP is onboard and whether the threat has been posted from an anonymous account with a similar history. 

CyberPeace Recommendations

1. For Public 

• Question sensational information: The public should scrutinise the information they’re consuming not only to keep themselves safe but also to be responsible to other citizens. Exercise caution before sharing alarming messages, posts and pieces of information
• Recognising credible sources: Rely only on trustworthy, verified sources when sharing information, especially when it comes to topics as serious as airline safety.
• Avoiding Reactionary Sharing: Sharing in a state of panic can contribute to the chaos created upon receiving unverified news, hence,  it is suggested to refrain from reactionary sharing.

2. For the Authorities & Agencies

• After a series of hoax bomb threats, the Government of India has issued an advisory to social media platforms calling for them to make efforts for the removal of such malicious content. Adherence to obligations such as the prompt removal of harmful content or disabling access to such unlawful information has been specified under the IT Rules, 2021. They are also obligated under the Bhartiya Nagarik Suraksha Sanhita 2023 to report certain offences on their platform. The Ministry of Civil Aviation’s action plan consists of plans regarding hoax bomb threats being labelled as a cognisable offence, and attracting a no-flyers list as a penalty, among other things.

These plans also include steps such as :  

• Introduction of other corrective measures that are to be taken against bad actors (similar to having a non-flyers list).
• Introduction of a reporting mechanism which is specific to such threats.
• Focus on promoting awareness, digital literacy and critical thinking, fact-checking resources as well as encouraging the public to report such hoaxes

Conclusion

Preventing the spread of airline threat hoaxes is a collective responsibility which involves public engagement and ownership to strengthen safety measures and build upon the trust in the overall safety ecosystem (here; airline agencies, government authorities and the public). As the government and agencies take measures to prevent such instances, the public should continue to share information only from and on verified and trusted portals. It is encouraged that the public must remain vigilant and responsible while consuming and sharing information. 

References

• https://indianexpress.com/article/business/flight-bomb-threats-assessment-criteria-serious-9646397/
• https://www.wionews.com/world/indian-airline-flight-bound-for-new-delhi-from-nepal-receives-hoax-bomb-threat-amid-rise-in-similar-incidents-772795
• https://www.newindianexpress.com/nation/2024/Oct/26/centre-cautions-social-media-platforms-to-tackle-misinformation-after-hoax-bomb-threat-to-multiple-airlines
• https://economictimes.indiatimes.com/industry/transportation/airlines-/-aviation/amid-rising-hoax-bomb-threats-to-indian-airlines-centre-issues-advisory-to-social-media-companies/articleshow/114624187.cms 

‍

Introduction

National AVGC-XR stands for National Animation, Visual Effects, Gaming, Comics, and Extended Reality. On 21 Aug 2024 Shri Sanjay Jaju, Secretary, Ministry of Information and Broadcasting, Speaking at the 5th Global AVGC and Immersive Media Summit 2024,  announced that the National AVGC-XR Policy will be implemented soon. National AVGC-XR policy aims to facilitate investment, foster innovation, ensure skill development, protect intellectual property and help build world-class infrastructure. Additionally, Atul Kumar Tiwari, Secretary of Ministry of Skills and Entrepreneurship, said that the Centre's decision to revamp 1,000 ITIs is pivotal in aligning workforce skills with AVGC industry needs. He called for enhanced intellectual property rights to retain talent and content in India.

Key Highlights of National AVGC-XR Policy 

• The policy will be implemented in conjunction with the National AVGC-XR Mission to improve India's AVGC sectors through infrastructure development, skill enhancement, innovation, and regulatory support.
• The policy aims to improve India's international competitiveness in the AVGC industry, specifically by supporting the creation of unique intellectual properties (IPs) that can gain worldwide acclaim.
• The policy acknowledges the significance of adapting and converting content for various international viewers, which has become easier considering technological advancements.
• The government is dedicated to providing strong policies and financial backing to the AVGC industry, ensuring that India continues to be a worldwide leader in the sector.

Tech-driven trends in the AVGC-XR Sector promoting exponential growth

• Advancements in technology specifically when we talk about the Animation and VFX industry, emerging trends such as AR, VR, and real-time 3D technology, are driving the expansion of the metaverse, resulting in a rising need for fresh jobs and broadening uses beyond gaming into education, e-commerce, and entertainment. Moreover, the transition to cloud-oriented production processes and the increase in unique or original content on OTT platforms are improving cooperation and propelling industry growth. To drive expansion, global OTT leaders are commissioning more original content. This has increased the need for VFX, post-production, and animation services.
• Technological advancements in India's gaming industry, like cloud gaming, increased popularity of mobile gaming, the introduction of 5G and 6G, and recognition of e-gaming at national and international forums, are breaking down obstacles and fueling swift growth, positioning India as a key player in growing e-gaming sector worldwide. Furthermore, the integration of gamification and XR in education and training is generating immersive experiences that improve learning and skill building, contributing to the expansion of the AVGC-XR industry.
• The comics industry is being transformed by technological advancements like digital technology and self-publishing, which are increasing access and distribution through online platforms and social media. The rising popularity of graphic novels and the greater use of digital comics, particularly among young audiences with smartphones, are fueling substantial growth in the AVGC-XR industry.
• The use of AR, VR, and MR (Mixed Reality) technologies is rapidly growing due to tech-driven trends in Extended Reality (XR), transforming industries such as healthcare, education, and retail. The rising number of startups in this sector, boosted by higher venture capital funding, is speeding up the uptake of XR services, establishing it as a primary catalyst of innovation and expansion in various industries.

Final Words:

Just like the IT revolution, the Indian AVGC-XR industry along with technological trends and advancements has great potential. With the growth in various sectors within the AVGC industry, the right policy framework in place and government support, it will be forefront of India’s global standing in the AVGC sectoral growth including various Intellectual Property (IP), creations, and outsourcing services. The proposed AVGC-XR policy with a forward-thinking approach will drive the industry growth. Thus, a comprehensive integrated and collaborative approach is essential. Furthermore with rising trends in technological space including the use of AR, VR, cloud spaces, 6G and expansion of the OTT sector, the safe and secure use in terms of cybersecurity is encouraged to ultimately protect the interest of users and establish a safe secure cyber world driven by exponential growth in various sectors including AVGC. We’re at the cusp of a new era, where we’re looking at technological advancements not as a tool but as a way of life, hence safe and secure usage remains a top priority.

References: 

1. https://www.cii.in/PressreleasesDetail.aspx?enc=IkIXRoaDhS+jXtgjqb7UcbWSnaI7mgIS485nHsQEMbw
2. https://www.thehindu.com/sci-tech/technology/avgc-xr-policy-to-be-implemented-in-tandem-with-national-avgc-xr-mission-ib-secretary/article68550433.ece#:~:text=Speaking%20at%20the%20Fifth%20Global,competitiveness%20by%20fostering%20infrastructure%20development%2C
3. https://mib.gov.in/sites/default/files/Annexure%20C-AVGC-XR%20-%20Draft%20for%20National%20Policy_16th%20December%202022-AG%20EDIT.pdf
4. https://www.drishtiias.com/daily-updates/daily-news-analysis/potential-of-india-s-avgc-xr-sector

‍