Electronic - Banking
1 Answer

Cyber Law has a very vital role to play at the application level, because of the critical nature of financial data transfer. The financial messages should have the undernoted features:

  • The receipt of the message at the intended destination (data transmission)
  • The content of the message should be the same as the transmitted one (data integrity)
  • Sender of information should be able to verify its receipt by the recipient (data acknowledgement)
  • Recipient of the message could verify that the sender is indeed the person (data authenticity)
  • Information in transit should not be observed, altered or extracted (data security)
  • Any attempt to tamper with the data in transit will need to be revealed (data security)
  • Non-repudiation (non-repudiation of the data)

These features boil down essentially to authentication, authorisation, confidentiality, integrity and non-repudiation.

There should be an appropriate institutional arrangement for key management and authentication. This is normally done through Certification Agencies. For the banking and financial sector, the RBI should appoint a suitable agency/institution as the Certification Agency. There should also be an institutional arrangement for appropriate assessment of participants of the financial network in terms of their credit-worthiness, financial soundness, etc. These assessments will provide valuable input to the banking and financial sector.

Initially the Indian Financial Network (INFINET) will be a Closed User Group (CUG) network, but in due course this network will have to be connected to public networks like the Society for World-wide Interbank Financial Telecommunication (SWIFT) etc. It is essential to look at the possibility of having firewall implementations and they need to meet the following criteria:

  • All in and out traffic must pass through the firewall. The firewall should check and authorise the traffic. The firewall in itself should be immune to penetration.

  • Implementation of firewalls can be done using packet filtering routers, application and circuit level gateways and also network translation devices.

  • Stateful multilayer inspection gateways combine the advantages of the above and also give better performance, flexibility and security. This environment can handle all kinds of applications, namely, Transmission Control Protocol (TCP), User Datagram Protocol (UDP), Remote Procedure Call (RPC), Internet Control Message Protocol (ICMP) etc. New applications can be added easily and this environment is totally transparent to end users.

  • Firewalls are used to implement access control security as well as to provide for user authentication and to ensure data integrity by using encryption. It is important that the banks have their own security policy and then design security solutions accordingly. Regular reviews of Security Policies and their implementation are also important. Highly secured (e.g., funds related), secured, non-secured messages should be clearly demarcated in the security policy. Banks are, therefore, advised to have dedicated groups with enough competence and capability.

Since security is the prime concern for the banking and financial sector, continuous research should be carried out as is done in the Internet community. Institutions like IDRBT should have collaborative arrangements with national and international agencies for carrying out research in this field. Such Institutions could develop Tiger teams (hackers) and the banks can engage the team to test and determine the strength of the firewall implementation.
