#FactCheck - Viral Image of Bridge claims to be of Mumbai, but in reality it's located in Qingdao, China

INTRODUCTION:

The Ministry of Defence has recently designated the Additional Directorate General of Strategic Communication in the Indian Army as the nodal officer now authorised to send removal requests and notices to social media intermediaries regarding posts consisting of illegal content with respect to the Army. Earlier, this process was followed through the Ministry of Electronics and Information Technology (MeitY). The recent designation gives the Army the autonomy of circumnavigating the old process and enables them to send direct notices (as deemed appropriate by the government and its agency). Let us look at the legal framework that allows them to do so and its policy implications. 

BACKGROUND AND LEGAL FRAMEWORK:

Section 69 of the IT Act 2000 gives the government the power to issue directions for interception, monitoring or decryption of any data/information through any computer resource. This is done so under six reasons related to:

• Upholding the sovereignty or integrity of India
• Security of the state
• Defence of India
• Friendly relations with foreign states
• Public order or for preventing incitement of any cognisable offence
• Investigations of offences related to the aforementioned reasons 

Section 79(3)(b) of the Information Technology Act 2000 is another aspect of the law related to the removal of data on notification. It allows for all intermediaries (including internet service providers and social media platforms) to have safety harbours from the liability of the content put out by third parties/users on their platforms. This, however, is only applicable when the intermediary has either received a notification or actual knowledge by the appropriate government or its agency of the data on their platform being used for unlawful acts and complies promptly by removing the data from their platform without tampering with evidence.

PLAUSIBLE REASONS FOR POLICY DECISION:

Cases related to the Indian Army are sensitive for a number of reasons, rooted in the fact that they directly pertain to the nation's security, integrity and sovereignty. The impact of the spread of misinformation and disinformation is almost instantaneous and the stakes are high in any circumstance, but exceptionally so when it comes to the Armed Forces and the nation’s security status. A mechanism to tackle cases of such a security level should allow for quick action from the authorities. Owing to the change in the ability to notify directly rather than through another ministry, the army can now promptly deal with these concerns as and when they arise. One immediate benefit of this change is that the forces can now quickly respond to instances where foreign states and actors with malicious intent put out information that can cause harm to the nation’s interests, image and integrity. 

This step helps the forces deal with countering misinformation, ensuring national security and even addressing issues of online propaganda. An example of sensitive content about the army leading to legal intervention is the case of Delhi-based magazine The Caravan. The Defence Ministry, along with the Intelligence Bureau and the Jammu and Kashmir police ordered the Delhi-based publication to remove an article claiming the murder and torture of civilians by the Indian army in Jammu and Kashmir citing the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021. The instruction was challenged by the magazine in the courts.

CONCLUSION:

This move brings with it potential benefits along with risks and the focus should always be on maintaining a balanced approach. Transparency and accountability are imperative and checks on related guidelines so as to prevent misuse while simultaneously protecting national security should be at the centre of the objective of the policy approach. Misinformation in and about the armed forces must be dealt with immediately.

REFERENCES:

• https://www.hindustantimes.com/india-news/army-can-now-directly-issue-notices-to-remove-online-posts-101730313177838.html
• https://www.hindustantimes.com/india-news/inside-79-3-b-the-content-blocking-provision-with-many-legal-grey-areas-101706987924882.html
• https://www.thehindu.com/news/national/govt-orders-magazine-to-take-down-article-on-army-torture-and-murder-in-jammu/article67840790.ece
• https://myind.net/Home/viewArticle/army-gains-authority-to-directly-issue-notice-to-take-down-online-posts

‍

Introduction

In the multifaceted world of international trade and finance, cross-border transactions constitute the heart of economic relationships that span the globe. The threads that intertwine forming the fabric of global commerce are ceaselessly dynamic and exhibit an intricate pattern of complexity especially when it comes to the regulated movement of capital. It's a domain where economies connect, where businesses engage in sublime commerce, and where technology and regulation intersect at critical juncture. These guidelines will play a critical role in the regulation of capital, fortification of financial integrity, and transparency of regulatory and cross-border payments. The key highlights of this regulation include strict pre-authorization for non-bank entities, mandating specific accounts for import and export PA-CBs and a transaction ceiling of 25,00,000 Rupees.

The Vigilance of RBI 

The Reserve Bank of India (RBI), ever vigilant in its shepherding role over the nation's financial stability and integrity, has taken decisive strides to dispel the haze that once clouded this critical sector. With the issuance of a revelatory circular dated October 31, 2023, the RBI has unveiled a groundbreaking framework that redefines the terrain for these pivotal financial entities, aptly christened as Payment Aggregators – Cross Border (PA-CB). In deploying this comprehensive array of regulations, the RBI demonstrates a robust commitment to harmonizing and synchronizing the oversight of payments within the country's financial fabric, extending its meticulous regulatory weave from domestic Payment Aggregators (PAs) to the PA-CBs, a sector previously undistinguished in formal oversight.

The prescriptive measures announced by the RBI are nothing short of a regulatory beacon that cuts through the fog of uncertainty, illuminating a clear path forward for entities dedicated to facilitating cross-border payment transactions pertaining to the import and export of permissible goods and services in India through online modes. Inclusiveness is a hallmark of the RBI’s directive, encompassing a diverse cadre of financial actors, ranging from Authorized Dealer (AD) banks and conventional Payment Aggregators (PAs), to the emergent breed of PA-CBs actively engaged in processing these critical international payment transactions.

Key Aspects of Regulation

One of the most striking aspects of this new regulatory regime is the RBI's insistence on pre-authorization. All non-bank entities providing PA-CB services are impelled to apply to the apex bank for authorisation by April 30, 2024. This is far from a perfunctory gesture; it represents a profound departure from the bygone era when these entities functioned under a patchwork of provisional guidelines and ad-hoc circulars. Indeed, with this resolute move, the RBI signals its intention to embrace these entities within its direct regulatory gambit, an acknowledgement of the shifting tides and progressive intricacies characteristic of cross-border payments.

The tapestry of new rules is complex, setting forth an array of prerequisites for entities aspiring for authorization. For instance, non-bank PA-CBs are obliged to register with the Financial Intelligence Unit-India (FIU-IND) as a preliminary step before commencing the application process. Moreover, the financial benchmarks set are notably rigorous. Non-banks must boast a minimum net worth of ₹15 crores at the time of the application—a figure that escalates to a robust ₹25 crores by the fiscal deadline of March 31, 2026.

Way Forward

As if these requirements weren't indicative enough of the RBI’s penchant for detail and precision, the guidelines become yet more granular when addressing specific types of PA-CBs. Import-only PA-CBs are mandatorily obliged to maintain an Import Collection Account (ICA) with an AD Category-I scheduled commercial bank, while export-only PA-CBs are instructed to maintain an Export Collection Account (ECA), which can be maintained in Indian Rupees (INR) or any permissible foreign currency. The nuance here is palpable; payments for import transactions must be received in a meticulously managed escrow account of the PA, prior to being funneled into the ICA for smooth settlement with overseas merchants.

Conversely, export-only PA-CBs' proceeds from international sales must be swiftly credited to the relevant currency ECA. This meticulous accounting ensures that the flow of funds is both transparent and traceable, adhering to the utmost standards of financial probity.

Yet, perhaps the most emphatic of the RBI's pronouncements is the establishment of a transaction ceiling. PA-CBs have their per-transaction limit capped at ₹25,00,000 for each unit of goods or services exchanged. This calculated move is transparent in its objective to mitigate risk—a crucial aspect when one considers the potential implications of these transactions on the country’s fiscal health and the integrity of its financial systems.

It is no exaggeration to declare that with these guidelines, the RBI is effectuating a seismic shift in the regulation of cross-border payment transactions. There's a fundamental transformation taking place—a metamorphosis—from a loosely defined existence of PA-CBs to one of distinct clarity, under the direct and unswerving supervisory gaze of the regulator. The compliance burden, indeed, has become heavier, yet the return is a compass that points decisively towards secure harbours.

As we embark upon the fresh horizons that these rules bring into view, it is imperative to acknowledge that the RBI's regulatory innovations represent far more than a mere codification of dos and don'ts. They embody a visionary stride towards safeguarding and fortifying the architecture of international payments, a critical component of India's burgeoning presence on the world economic stage.

Conclusion 

The journey ahead, as we navigate these newly charted waters with the RBI's guidelines as our steadfast North Star, will no doubt be replete with challenges, adaptations and learning curves for the array of operational entities. But it is with confidence we can say, the path is set; the map is clear. The complex labyrinth of cross-border financial transactions is now demystified, and the RBI's clarion call beckons us towards a future marked by regulation, security, and above all else, reliability in the cosmopolitan tapestry of global trade. RBI’s guidelines provide a comprehensive framework for standardizing cross-border financial transactions in India. This decision is a monumental step towards maintaining cyber peace in cyberspace. 

References:

• https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=12561&Mode=0
• https://www2.deloitte.com/in/en/pages/tax/articles/tax-alert-Regulation-of-payment-aggregator-cross-border-pa-cb.html
• https://www.jsalaw.com/newsletters-and-updates/rbis-new-guidelines-to-govern-payment-aggregators-in-cross-border-transactions/ 

‍

Introduction

In an alarming event, one of India’s premier healthcare institutes, AIIMS Delhi, has fallen victim to a malicious cyberattack for the second time in the year. The Incident serves as a clear-cut reminder of the escalating threat landscape faced by the healthcare organisation in this digital age. In the attack, which unfolded with grave implications, the attackers not only explored the vulnerabilities present in the healthcare sector, but this also raised the concern about the security of patient data and the uninterrupted delivery of critical healthcare services. In this blog post, we will explore the incident, what happened, and what safety measures can be taken.

Backdrop

The cyber-security systems deployed in AIIMS, New Delhi, recently detected a malware attack. The nature and scope of the attack were both sophisticated and targeted. This second hack acts as a wake-up call for healthcare organisations nationwide. As the healthcare business increasingly depends on digital technology to improve patient care and operational efficiency, cybersecurity must be prioritised to protect sensitive data. To minimise cyber-attack dangers, healthcare organisations must invest in robust defences such as multi-factor authentication, network security, frequent system upgrades, and employee training.

The attempt was successfully prevented, and the deployed cyber-security systems neutralised the threat. The e-Hospital services remain to be fully secure and are functioning normally.

Impact on AIIMS

Healthcare services have been under hackers’ radar worldwide, and the healthcare sector has been impacted badly. The attack on AIIMS Delhi’s effects has been both immediate and far-reaching. The organisation, which is recognised for delivering excellent healthcare services and performing breakthrough medical research, faced significant interruptions in its everyday operations. Patient care and treatment processes were considerably impeded, resulting in delays, cancellations, and the inability to access essential medical documents. The stolen data raises serious concerns about patient privacy and confidentiality, raising doubts about the institution’s capacity to protect sensitive information. Furthermore, the financial ramifications of the assault, such as the cost of recovery, deploying more robust cybersecurity measures, and potential legal penalties and forensic analyses, contribute to the scale of the effect. The event has also generated public concerns about the institution’s ability to preserve personal information, undermining confidence and degrading AIIMS Delhi’s image.

Impact on Patients: The attacks not only impact the institutes but also have serious implications for the patients and here are some key highlights:

Healthcare Service Disruption: The hack has affected the seamless delivery of healthcare services at AIIMS Delhi. Appointments, surgeries, and other medical treatments may be delayed, cancelled, or rescheduled. This disturbance can result in longer wait times, longer treatment periods, and potential problems from delayed or interrupted therapy.

Patient Privacy and Confidentiality are jeopardised because of the breach of sensitive patient data. Medical data, test findings, and treatment plans may have been compromised. This breach may diminish patient faith in the institution’s capacity to safeguard their personal information, discouraging them from seeking care or submitting sensitive information in the future.

As a result of the cyberattack, patients may endure mental anguish and worry. Fear of possible exploitation of personal health information, confusion about the scope of the breach, and concerns about the security of their healthcare data can all have a negative impact on their mental health. This stress might aggravate pre-existing medical issues and impede total recovery.

Trust at stake: A data breach may harm patients’ faith and confidence in AIIMS Delhi and the healthcare system. Patients rely on healthcare facilities to keep their information secure and confidential while providing safe, high-quality care. A hack can doubt the institution’s ability to safeguard patient data, affecting patients’ overall faith in the organisation and potentially leading to patients seeking care elsewhere.

Cybersecurity Measures

To avoid future hacks and protect patient data, AIIMS Delhi must prioritize enhancing its cybersecurity procedures. The institution can strengthen its resistance to changing threats by establishing strong security practices. The following steps can be considered.

Using Multi-factor Authentication: By forcing users to submit several forms of identity to access systems and data, multi-factor authentication offers an extra layer of protection. AIIMS Delhi may considerably lower the danger of unauthorised access by applying this precaution, even in the case of leaked passwords or credentials. Biometrics and one-time passwords, for example, should be integrated into the institution’s authentication systems.

Improving Network Security and Firewalls: AIIMS Delhi should improve network security by implementing strong firewalls, intrusion detection and prevention systems, and network segmentation. These techniques serve to construct barriers between internal systems and external threats, reducing attackers’ lateral movement within the network. Regular network traffic monitoring and analysis can assist in recognising and mitigating any security breaches.

Risk Assessment: Regular penetration testing and vulnerability assessments are required to uncover possible flaws and vulnerabilities in AIIMS Delhi’s systems and infrastructure. Security professionals can detect vulnerabilities and offer remedial solutions by carrying out controlled simulated assaults. This proactive strategy assists in identifying and addressing any security flaws before attackers exploit them.

Educating and training Healthcare Professionals: Education and training have a crucial role in enhancing cybersecurity practices in healthcare facilities. Healthcare workers, including physicians, nurses, administrators, and support staff, must be well-informed about the importance of cybersecurity and trained in risk-mitigation best practices. This will empower healthcare professionals to actively contribute to protecting the patient’s data and maintaining the trust and confidence of patients.

Learnings from Incidents

AIIMS Delhi should embrace cyber-attacks as learning opportunities to strengthen its security posture. Following each event, a detailed post-incident study should be performed to identify areas for improvement, update security policies and procedures, and improve employee training programs. This iterative strategy contributes to the institution’s overall resilience and preparation for future cyber-attacks. AIIMS Delhi can effectively respond to cyber incidents, minimise the impact on operations, and protect patient data by establishing an effective incident response and recovery plan, implementing data backup and recovery mechanisms, conducting forensic analysis, and promoting open communication. Proactive measures, constant review, and regular revisions to incident response plans are critical for staying ahead of developing cyber threats and ensuring the institution’s resilience in the face of potential future assaults.

Conclusion

To summarise, developing robust healthcare systems in the digital era is a key challenge that healthcare organisations must prioritise. Healthcare organisations can secure patient data, assure the continuation of key services, and maintain patients’ trust and confidence by adopting comprehensive cybersecurity measures, building incident response plans, training healthcare personnel, and cultivating a security culture. Adopting a proactive and holistic strategy for cybersecurity is critical to developing a healthcare system capable of withstanding and successfully responding to digital-age problems.