Policies on Cybersecurity

Co-authored with Parminder Singh

The need for cybersecurity has become apparent with the increasingly important role played by Information Technology and Telecom in India’s growth and the role of internet and telecom backbone in India’s socio-economic activities. Without a robust security infrastructure in place, cyberspace can become a vulnerable nerve-center where any act of sabotage or espionage can comprise India’s financial systems, citizen’s services, and sensitive data to the extent of partial or complete paralysis of India’s critical infrastructure. The reports of nation-led cyber offensives such as the Stuxnet virus attack on Iran’s nuclear reactors and the espionage attempts by hackers based in China against several states put cyber-security at the heart of national security.

Cybersecurity comprises of multiple facets including Network security, Information security, Critical Infrastructure protection, Law enforcement and Disaster recovery. These facets come with their unique and often inter-dependent issues that need to be addressed keeping a holistic perspective in view than following a piecemeal approach. The scope for cybersecurity goes beyond the traditional jurisdictions of ministries and departments as it involves processes and people at the level of each of stakeholder jointly. It is increasingly been observed that Security needs to be incorporated at the design and operations stage rather than as an additional feature to be put on the top of existing systems and processes.

One of the interesting observations for Cybersecurity in India is that although Cybersecurity is a critical component of National security, it is the private sector which controls most of the critical information infrastructure. This intrinsic feature calls for Government of India to look beyond regulatory framework and partner with private organizations for national cybersecurity. The private organizations operating the critical infrastructure would need to look beyond the profit-centric approach for partnership initiatives. This also mandates the use of implementable security solutions that are cost effective. But even before exploring this public-private partnership, an atmosphere of trust and cooperation is imperative between the government and industry. Recent steps by the government in setting up Joint Working Groups on different facets of Cybersecurity are laudable.

Another challenge for India’s Cybersecurity strategy is the need to achieve the fine balance between security through data encryption and the necessity for Law Enforcement Agencies to monitor the information exchange for national security and anti-terrorism operations. The national encryption policy needs to be formulated and rolled out to prevent possible conflicting situations.

Pursuit and conviction of trans-national cyber criminals is a critical condition for maintaining deterrence. This cannot be achieved without international cooperation at multiple levels which reaches beyond national boundaries and jurisdictions. Fresh avenues of dialogue between sovereign nations through existing and new forums are desired to work towards international treaties for law enforcement.

Education, awareness and human resource capacity building is another dimension of a robust Cybersecurity framework. Partnership with Academia will help develop much needed skilled security manpower and fuel research into cyber forensics and analytics. Reports indicate that India will need half a million cyber-security professionals by 2015. A cybersecurity educational eco-system supported by leading technology institutions is essential for such capacity building.

The nation and industry is anticipating a comprehensive and progressive Cybersecurity policy which takes into account the multiple dimensions and challenges that are faced by a diverse nation like India. An institutional framework for managing these dimensions should be responsive, agile and adaptable to cope with this highly dynamic issue. As the government rolls out the national cybersecurity architecture in the coming months, the nation hopes that a resilient mechanism will be put in place that can withstand any future cyber warfare.