In a gazette notification dated June 16, 2022, the Government of India has declared ICICI Bank as a “Protected System” under the IT Act.
This is crucial for a bank, and given the system’s criticality and the risks associated with a security breach, it is critical to guarantee that the system is safeguarded both technically and legally.
The current notification means any person who secures access or attempts to secure access to a protected system in contravention of the provisions of this section shall be punished with imprisonment of either description for a term which may extend to ten years and shall also be liable to fine.
The notification reads: In exercise of the powers conferred by sub-section (1) of section 70 of the Information Technology Act, 2000 (21 of 2000), the Central Government hereby declares the computer resources relating to the Core Banking Solution, Real Time Gross Settlement and National Electronic Fund Transfer comprising Structured Financial Messaging Server, being Critical Information Infrastructure of the ICICI Bank, and the computer resources of its associated dependencies to be protected systems.
WHO ARE AUTHORISED
The notification authorizes access to the protected systems authorized employees of ICICI Bank, third part vendors authorized by the bank and regulator, government officials, auditors, and stakeholders authorized by the ICICI Bank on case to case basis.
PUNISHMENT FOR ATTACK ON CRITICAL INFRASTRUCTURE
However, legal experts told The420.in that any attempt by a person to manipulate and tamper with the critical infrastructure will be considered an act of cyber terrorism. Section 66F(B) of the IT Act says knowingly or intentionally penetrates or accesses a computer resource without authorization or exceeding authorized access, and by means of such conduct obtains access to information, data, or computer database that is restricted for reasons of the security of the State or foreign relations; or any restricted information, data or computer database, with reasons to believe that such information, data or computer database so obtained may be used to cause or likely to cause injury to the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order, decency or morality, or in relation to contempt of court, defamation or incitement to an offense, or to the advantage of any foreign nation, group of individuals or otherwise, commits the offense of cyber terrorism.
Under this section whoever commits or conspires to commit cyber terrorism shall be punishable with imprisonment which may extend to imprisonment for life.
OTHER CASES OF CYBER TERRORISM
For example, any threat email, hacking, or cyber-attack on the stock exchange, docks, shipyards, and other critical infrastructure is considered an act of cyber terrorism. It is interesting to know in April 2022, Bengaluru Police invoked the cyber terrorism provisions in the hoax bomb threat emails to over 15 schools in the city. This is probably the first time the section has been invoked in connection with a hoax threat case.
(Source:- https://www.the420.in/)