Cyberspace has emerged as a global commons. It requires safe navigation by countries for trade, commerce and communication. Militaries consider it the fifth domain — after land, sea, air and space. The internet economy, meanwhile, is growing significantly in all countries, leading to job creation, involving youth in all spheres of human activity. Nations want the internet to continue to innovate and grow; develop new business models, connect the globe through social media, create communities and remain a powerful means of communications and new ideas. However, the very same standard protocols of the internet that make it easy to connect in borderless space are used by criminals to attack private and public infrastructure as well as strategic resources. As a result, cyber crimes, espionage and cyber weapons are also on the rise. Crime syndicates, non-state actors and others continue to disrupt the peaceful uses of cyberspace. Unique characteristics of the internet, namely offence dominance, difficulty in attribution of attacks, development of cyber weapons by states and use of non-state actors to camouflage their actions, are making cyberspace more and more insecure. Moreover, the applicability of international laws is not known, since an act of war by a state is difficult to establish: when it started, and whether it has ended.
Nations are developing offensive capabilities even as they preach its use for economic growth. Cases of cyber espionage, surveillance in the name of counterterrorism, and cyber warfare are high on the agenda of international discussions in an effort to ensure that the internet or cyberspace is used for the global good. The recent stand-off between the US and China on espionage by the latter and political espionage by the former in the name of counterterrorism has escalated to high decibels. In addition, internet governance, largely under US government oversight, is another sore point in the global discussions.
India’s dependence on technology as a nation is increasing — the Indian economy is going the e-way. Growth in e-commerce, e-payments, card circulation, domestic IT market spending and internet user base are the leading indicators. The government is relying on technology to solve governance problems and socio-economic problems. Technology is becoming the lifeline of critical infrastructures such as energy, telecommunication, banking, stock exchanges, etc. Businesses are leveraging technology to transform their business models. Defence and police agencies are making strategic use of technology to modernise. As a nation, we are as much the victim of cyber attacks as any other country. The attackers are local and global — driven by motives such as financial fraud or terrorism; crime syndicates; nation-states attacking directly or using non-state actors for economic and political espionage. Attacks on critical infrastructure can have crippling effects on civilians, with outcomes similar to those achieved by traditional war. Clearly, cyber security is linked to national security.
India is largely on the margins of all the global debates on internet governance, surveillance and espionage. It has never sought its rightful place commensurate with its status as an IT country that is the global hub of outsourcing. Multiple government departments have protected their turf without coming to any consensus on how to view internet governance. The involvement of the private sector in so-called public-private partnerships needs to be considerably enhanced. Cyberspace has to be managed through information-age mechanisms of cooperation and information-sharing, while India remains rooted in silos of feudal governance, which are not even based on the efficiency of industrial governance. The new government, under the leadership of Prime Minister Narendra Modi, may like to consider the following policy agenda in earnest.
One, recognising cyber security as a strategic domain of national security: there is a need to implement a robust national cyber security framework that is capable of addressing the needs of different strategic sectors, including defence. The framework implementation should be driven by a national cyber security structure that clearly defines roles and responsibilities of stakeholders and establishes coordination and collaboration mechanisms between agencies. The cyber security policies, plans and initiatives should be action-oriented, time-bound and with clearly set out responsibilities and accountability.
Two, strengthening the protection of Critical Information Infrastructure (CII) through public-private partnerships: since the CII is owned, in large part, by the private sector, its involvement in cyber security is essential. The government should launch public-private partnership programmes to protect the CII, including government and defence infrastructure. The government needs to incentivise the private sector to invest in security beyond what is required by businesses through appropriate instruments. The policies for CII protection and cyber security in general should be predictable, pragmatic, business-friendly, and forward-leaning — respecting technology advancements instead of being regressive.
Three, promoting research and development, innovation, investments and entrepreneurship in cyber security to establish India as a global hub for cyber security products, solutions and services: this entails creation of a conducive environment. Incentives should be provided for R&D in the private sector, including funding, and the issues regarding commercialisation of new products should be addressed. The government should include the cyber security sector in its international trade missions.
Four, focusing on building capabilities and skills: in defence (cyber warfare, cyber command, offensive and defensive capabilities), law enforcement agencies and judiciary (cyber crime investigation, cyber forensics), standards and workforce development, the foreign service (cyber diplomacy and negotiations), government departments (securing government assets), testing ICT products and the private sector (securing business assets, providing services to domestic and global markets).
Five, contributing to, and taking leadership of, global forums to protect India’s strategic interests: as cyber security is a global issue, the international community is continuously engaged through various forums, such as the UN, Internet Governance Forum, etc, to discuss issues such as internet governance, cyber crimes, cyber warfare, security standards, supply chain risks, information sharing, and surveillance, to devise solutions. At present, India’s participation in such forums is not commensurate with its cyber economy. The government should create necessary structures within the country to understand complex issues, engage in consultations with stakeholders and develop the country’s position on such issues.
The writer is CEO, Data Security Council of India, a NASSCOM initiative. He was the founder director of CERT-In, Government of India.
Views are personal