Global Cyber Security Policies and Agreements
Budapest Convention on Cybercrime
- Adopted in 2001 by the Council of Europe; came into force in 2004.
- It is the first international treaty on crimes committed via the internet and computer networks.
- Focuses on harmonizing national laws, improving investigative techniques, and enhancing international cooperation.
Key Provisions:
- Defines cybercrimes such as hacking, child pornography, copyright infringement, and fraud.
- Encourages countries to adopt common standards of digital evidence collection.
- Establishes 24/7 points of contact for cooperation among nations.
India’s Position:
- India has not signed the convention due to concerns over sovereignty and data sharing obligations.
- India prefers UN-led frameworks instead of regional conventions.
United Nations Cyber Security Framework
- The UN has been actively involved in promoting cyber peace and security.
- Established two main forums:
- Group of Governmental Experts (GGE): Works on norms of responsible state behavior in cyberspace.
- Open-Ended Working Group (OEWG): Involves all UN members in discussions on cyber security.
Principles under UN framework:
- Cyberspace should not be used for armed conflict or aggression.
- Protection of critical information infrastructure.
- Need for confidence-building measures between states.
- Promotion of capacity building and international cooperation.
GDPR (General Data Protection Regulation)
- Enforced by the European Union (EU) in May 2018.
- Considered the world’s strongest data protection law.
- Applies not just to EU-based companies but also to any entity handling EU citizens’ data.
Key Provisions:
- Consent-based data processing (clear, explicit consent required).
- Right to access, correction, and erasure of personal data (“Right to be Forgotten”).
- Data portability – users can transfer their data between service providers.
- Heavy penalties for non-compliance (up to €20 million or 4% of global turnover).
Global Impact:
- Inspired other nations, including India’s DPDP Act (2023), California Consumer Privacy Act (USA), and Brazil’s LGPD.
Cyber Security Frameworks by ITU and NATO
i. International Telecommunication Union (ITU)
- Specialized UN agency for ICT.
- Developed the Global Cybersecurity Agenda (GCA) and Global Cybersecurity Index (GCI).
- Encourages nations to adopt comprehensive cyber laws, awareness programs, and incident response systems.
- Provides capacity building and technical assistance to developing nations.
ii. North Atlantic Treaty Organization (NATO)
- NATO recognizes cyber defense as part of its collective defense framework (Article 5).
- Established the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) in Estonia (Tallinn).
- Conducts large-scale cyber defense exercises like “Locked Shields”.
- Promotes cyber deterrence strategies and joint defense mechanisms against state-sponsored attacks.
