|An Initiative of Centre for Digital Economy Policy||
Parminder Singh, Chairperson, Cybersecurity Cell, Centre for Digital Economy Policy Research
Saurabh Singh, Public Policy Executive, Internet Governance, HP
The increasingly important role played by information technology and telecom in India’s growth, and their growing reach and usage in India’s socio-economic activities have highlighted the need for cyber-security. Without a robust security infrastructure in place, cyberspace can become a vulnerable nerve-center where any act of sabotage or espionage can compromise India’s financial systems, citizen’s services, and sensitive data leading to partial or complete paralysis of India’s critical infrastructure. Recent cyber offensives, such as the Stuxnet virus attack on Iran’s nuclear reactors, and the espionage attempts against several states by hackers based in China, have put cybersecurity at the heart of national security.
Cybersecurity comprises of multiple facets including network security, information security, critical infrastructure protection, law enforcement, and disaster recovery. These facets come with their unique and often inter-dependent issues. For the smooth implementation of cybersecurity they need to be addressed keeping a holistic perspective in viewrather than following a piecemeal approach.
What makes creation and implementation of cybersecurity challenging is that its scope goes beyond the traditional jurisdiction of government ministries and departments. Another challenge is to incorporate security parameters at the design and operations stage rather than as an additional feature to be put on the top of existing systems and processes.
Since cybersecurity is a critical component of national security, it is primarily the concern of the government. However, it is the private sector that controls most of the critical information infrastructure in the cyberspace. This implies that the government must look beyond the regulatory framework and partner with the private sector in order to create sustainable mechanisms that can introduce and maintain national cybersecurity. The private sector not only has a stake in working on cybersecurity as it controls substantial critical information infrastructure, but also it has the required technical know-how that can create the requisitestructure for cybersecurity using costeffective and implementable security solutions.
The recent steps by the government, such as setting up Joint Working Groups, on different facets of cybersecurity will enable greater trust and cooperation between the government and the private sector, thus creating an atmosphere conducive for private-public partnership.
India’s Cybersecurity strategy needs to be geared towards achieving a fine balance between security through data encryption and the necessity for law enforcement agencies to monitor the information exchange for national security and anti-terrorism operations. For this it becomes imperative that a national encryption policy is formulated and rolled out at the earliest to prevent possible conflicting situations.
With increasing number of cybercrimes, the pursuit and conviction of transnational cybercriminals has become essential for implementing cybersecurity and deterring future offenders. Any clamp down on international cybercriminals requires sustained global cooperation between governments. This kind of government-togovernment collaboration that moves beyond national boundaries and jurisdictions, and requires multiple-level engagements is challenging. However, the potential threat of cybercrimes to the maintenance national security calls for fresh avenues of dialogue between sovereign nations through existing and new forums that can establish international treaties for law enforcement pertaining to cybersecurity.
Implementation of cybersecurity also calls for greater education and awareness regarding cybercrimes. At the moment India is facing a shortage of cybersecurity experts with reports indicating that India will need half a million cybersecurity professionals by 2015. Partnership with the academia will help develop thismuch needed skilled-security manpower, fueling research into cyber forensics and analytics. A cybersecurity educational eco-system supported by leading technology institutions is also essential for such capacity building.
The nation and industry are anticipating a comprehensive and progressive cybersecurity policy that takes into account the multiple dimensions and challenges that are faced by a diverse nation like India. An institutional framework for managing these dimensions should be responsive, agile, and adaptable. As the government rolls out the national cybersecurity architecture in the coming months, the nation hopes that a resilient mechanism will be put in place that can withstand any future cyber warfare.
is President, Centre for Digital Economy Policy Research; Partner,