Co-authored with Parminder Singh
The
need for cybersecurity has become apparent with the increasingly important role
played by Information Technology and Telecom in India’s growth and the role of
internet and telecom backbone in India’s socio-economic activities. Without a
robust security infrastructure in place, cyberspace can become a vulnerable
nerve-center where any act of sabotage or espionage can comprise India’s
financial systems, citizen’s services, and sensitive data to the extent of
partial or complete paralysis of India’s critical infrastructure. The reports
of nation-led cyber offensives such as the Stuxnet virus attack on Iran’s
nuclear reactors and the espionage attempts by hackers based in China against
several states put cyber-security at the heart of national security.
Cybersecurity
comprises of multiple facets including Network security, Information security,
Critical Infrastructure protection, Law enforcement and Disaster recovery.
These facets come with their unique and often inter-dependent issues that need
to be addressed keeping a holistic perspective in view than following a
piecemeal approach. The scope for cybersecurity goes beyond the traditional
jurisdictions of ministries and departments as it involves processes and people
at the level of each of stakeholder jointly. It is increasingly been observed
that Security needs to be incorporated at the design and operations stage
rather than as an additional feature to be put on the top of existing systems
and processes.
One
of the interesting observations for Cybersecurity in India is that although Cybersecurity
is a critical component of National security, it is the private sector which
controls most of the critical information infrastructure. This intrinsic
feature calls for Government of India to look beyond regulatory framework and partner
with private organizations for national cybersecurity. The private
organizations operating the critical infrastructure would need to look beyond the
profit-centric approach for partnership initiatives. This also mandates the use
of implementable security solutions that are cost effective. But even before exploring
this public-private partnership, an atmosphere of trust and cooperation is
imperative between the government and industry. Recent steps by the government
in setting up Joint Working Groups on different facets of Cybersecurity are
laudable.
Another
challenge for India’s Cybersecurity strategy is the need to achieve the fine
balance between security through data encryption and the necessity for Law
Enforcement Agencies to monitor the information exchange for national security
and anti-terrorism operations. The national encryption policy needs to be
formulated and rolled out to prevent possible conflicting situations.
Pursuit
and conviction of trans-national cyber criminals is a critical condition for
maintaining deterrence. This cannot be achieved without international
cooperation at multiple levels which reaches beyond national boundaries and
jurisdictions. Fresh avenues of dialogue between sovereign nations through
existing and new forums are desired to work towards international treaties for
law enforcement.
Education,
awareness and human resource capacity building is another dimension of a robust
Cybersecurity framework. Partnership with Academia will help develop much
needed skilled security manpower and fuel research into cyber forensics and
analytics. Reports indicate that India will need half a million cyber-security
professionals by 2015. A cybersecurity educational eco-system supported by
leading technology institutions is essential for such capacity building.
The
nation and industry is anticipating a comprehensive and progressive Cybersecurity
policy which takes into account the multiple dimensions and challenges that are
faced by a diverse nation like India. An institutional framework for managing
these dimensions should be responsive, agile and adaptable to cope with this
highly dynamic issue. As the government rolls out the national cybersecurity
architecture in the coming months, the nation hopes that a resilient mechanism
will be put in place that can withstand any future cyber warfare.
Dr. Jaijit, India should have deterrence to cyber ware in terms pro-active measures, pro-active collaboration with other countries, and cyber ware asset building.
ReplyDeleteThere should be Cyber Security Index of each nation, based on the energy grid, aviation systems, water utility systems, eDevelopment systems, financial system, defense systems, in conjunction with "think-tanks", governments, academics, OEMs and software security vendors.
ReplyDelete