The importance of balancing the epithets of privacy and information security can’t be undermined in the digital era. While people seek data privacy, the security agencies press for free flow of information for fulfilling their mandate. T Radhakrisha of Elets News Network (ENN) talks of two interesting developments of the year just gone by
Security response to the challenge of data security with information flow needs to be addressed in an innovative fashion. It should be able to assess its maturity in implementing security in different areas with a view to continually improve the same. A security programme needs to be dynamic and vibrant such that it enables quick response to threats, vulnerabilities and actual cyber attacks.
On September 22, 2015, the Ministry of Communications and Information Technology, under the Government of India, withdrew its draft National Encryption Policy (NEP) within 24 hours after placing the draft in public domain for soliciting feedback from people, in the wake of objections raised from all quarters.
The provisions of the draft policy would have given the government access to all encrypted information stored on computer servers in India, including personal emails, messages and other data. The policy also wanted users to store all encrypted communication for minimum 90 days and make it available to security agencies, if required, in text form. But facing flak from all quarters, the government had to close the proceedings by officially stating that “users would not come under the ambit of the national encryption policy, which the government is in the process of framing”.
On Nov 9, 2015, India’s Defence Minister Manohar Parrikar inaugurated the Central Data Centre, Army Cloud and Digital Locker for the Indian Army at an official function held at the Army Headquarters.
The facility under the Army Cloud includes a Central Data Centre, a Near Line Data Centre, both in Delhi, and a Disaster Recovery site for replication of its critical data, along with virtualised servers and storage in an environmentally controlled complex. This is similar to the MeghRaj, the Cloud of National Informatics Centre, and will provide all IT Infrastructure, including servers for computing, storage, network and network security equipment, centrally for automation of the Indian Army. The latest technologies in the field have been incorporated in the first-ever Software Defined Data Centre (SDDC), wherein all the resources can be provisioned to different applications on the Cloud. It has already started providing Infrastructure as a Service (IaaS) to the Army users as the first Cloud service and will soon start providing Software as a Service (SaaS).
Facing flak from all quarters, the government had to close the proceedings by officially stating that ‘users would not come under the ambit of the national encryption policy, which the government is in the process of framing’
With the launching of DigiLocker, it will provide a secure and exclusive data storage space to all the units and formation headquarters of the Army over its dedicated data network. The DigiLocker of Indian Army is similar to e-Locker of the Digital India Programme and has all the advanced features, like digital signatures and watermarking.
This is an important step towards implementation of cyber security, as it precludes carriage of soft copies of data on CDs/DVDs and removable media. Users can store, share and access the data from anywhere, anytime on the Network.
In keeping with the national vision of Digital India, the Indian Army has launched a Programme for Digital Army with nine pillars for digitisation. For any modern army, the Network-Centric Operations are essential for meeting enhanced challenges of asymmetry, lethality, fluidity and non-linearity in the present-day battlefield. The Indian Army is addressing this key area comprehensively.
Prasad’s challenge of handling the data privacy concerns of Citizens and Parrikar’s comfort in empowering his defence forces to the next level are both being presented and addressed by the same technological deck. This is certainly a classic case of technological epistemology.