Having born and brought up in semi-urban part of India, I am used to Indian way of doing things when it comes to spending – one step at a time and in all probability think of what is immediately needed. This frugal way of living has served us for generations – though one can argue the efficiency of this way on a long term basis. writes Rana Gupta, Vice-President, APAC Sales, Gemalto
“The Data Integrity attacks, while arguably new to the world of Cyberattacks, are probably known to mankind for a long time whereby the empires have been won/lost on the back of wrong information.”
We worry about building the highways only when the requisite traffic is already there and hence there is no longer any worry about the return on investment.
When we are used to frugal way of living then can that be the guiding light to building Digital India faster and at a lesser cost to the public exchequer?
Why bother about spending the resources on Privacy and Security? Shouldn’t we be first focusing on having the availability of requisite digital services and let their adaption be in place before we start spending our resources on securing those?
Having said that, let us spend some time to look at the attack surface that our Digital India is likely to be exposed to. Broadly speaking, there are three category of attacks that the Digital India shall be subjected to.
Denial of Service attacks render the targeted service unavailable for consumption by its users. For example, if the website that is to issue the road-permit for material that is being sent over the road route, becomes unavailable then all the new shipments would come to a halt during the period. So, essentially, a Denial of Service attack pretty much cripples the service under attack and its impact is visible instantaneously. While one can argue about the likelihood of a service being subjected to such an attack, the very objective of Digital India being to provide the services through digital channels requires the service infrastructure to be publicly available and hence providing a set of readily known entry points for an attack to begin. While a successful attack requires a lot more than just an entry point, it certainly means that these entry points cannot be left unguarded and have to be secured in order to resist unauthorized attempts to enter. So, really the question herein is, will Digital India be effective and successful if the services are crippled every now and then?
As against the Denial of Service attack that leads to crippling of the very service, in case of a Breach of Information Privacy attack, while the service itself remains available for usage the appeal of service to its user-base starts fading away and hence the service may end up eroding its usability. This is due to unauthorized access to information that is considered sensitive and hence valuable to the business or the individuals that leads to embarrassing situation (for example, public sharing of sensitive medical information can be embarrassing for individuals whereas the public sharing of increase/decrease in per capita income by religion/caste can create embarrassing situation for the governments) or creating a situation of vulnerability (for example, public sharing of income data can make the individuals/companies vulnerable to criminal elements whereas the loss of privacy for sensitive defense information or even the insights to the email communication by ministers and officers of Government of India, can leave the entire nation vulnerable to a competitive nation). Either way, the service runs the risk of dying a slow death.
Think of this as human being either sick or disabled or dead (all various forms of Denial of Service situations) vis-à-vis the human being losing its competitive position in the society to engage in any fruitful social, personal and/or commercial activities because no one wants to engage with the person. Will Digital India be effective and successful if the citizens stay away from consuming those services? Building citizens’ confidence is a critical aspect to their usage of that service. One can think of the prevailing concerns about the privacy of UID data that is coming in the way of citizen’s adaption of UID linked services.
Lastly, the Data Integrity attacks, while arguably new to the world of Cyberattacks are probably known to mankind for a long time whereby the empires have been won/lost on the back of wrong information. In a Data Integrity attack, the underlying data-set is modified without anyone being aware of the same and hence leading to incorrect outcomes for the decisions made on the basis of that incorrect data-set. Think of someone altering the data related to rainfall or area under cultivation or the amount of food-grain available in the storage or the number of people below poverty line etc etc. What will be the outcome? The decisions being made in the wake of that incorrect data shall be incorrect – garbage-in-grabage-out. The challenging part herein will be that it will be far too late before such an attack is discovered and possibly in all the cases the damage would have already been done – for example, the decision to have a particular mix of area under crop cultivation because it was incorrectly thought that there is an abundance of a particular set of food-grain can lead to a situation whereby one set of food-grain will be available in far too excess (leading to crashing of prices for those food-grains and hence bankruptcy for the farmers involved) whereas the other set of food-grain may be available in way too little quantity (leading to sky-rocketing price inflation for those food-grains leading to social unrest). Do we want to build a Digital India that can lead to such a scenario?
The jury is still out there as to whether the answer to these questions is a resounding ‘’no’’ and hence there is no other choice but to explicitly acknowledge the need to build Information Security as a critical part of the Digital India that we intend to have in place. What do you think?