Daily Current Affairs – 9th March, 2016Devendra Vishwakarma
Upgrading India’s cyber security architecture
- India’s National Cyber Security Policy aims to build a secure and resilient cyberspace for citizens, business and government.
- However the cyber security architecture in India lacks potential to regulate various cyber-crimes that happen.
Comparing digital space of India and the world:
Two things set aside India’s digital spaces from that of major powers such as the United States and China:
Design and Density
- India is a net information exporter.
- Its information highways point west, carrying with them the data of millions of Indians.
- This is not a design flaw, but simply reflects the popularity of social media platforms and the lack of any serious effort by the Indian government to restrict the flow of data.
- Equally important is the density of India’s cyberspace.
- Nearly 500 million Indians use the Internet today, but they do not access the Internet from the same devices.
- Apple’s market share in the U.S., for instance, is 44 per cent, but iPhones account for less than 1 per cent in India.
- The massive gap between the security offered by the cheapest phone in the Indian market and a high-end smart phone makes it impossible for regulators to set legal and technical standards for data protection.
India’s infrastructure is susceptible to four kinds of digital intrusions:
- Espionage: Involves intruding into systems to steal information of strategic or commercial value.
- Cybercrime: Referring to electronic fraud or other acts of serious criminal consequence.
- Attacks: Intended at disrupting services or systems for a temporary period.
- War: Caused by a large-scale and systematic digital assault on India’s critical installations.
India lacks a national security architecture:
- Recognising the strategic dimensions of cyberspace, the Prime Minister’s Office (PMO) created the position of the National Cyber Security Coordinator in 2014, however it failed to deliver the various dimensions of cyber security.
- There is, however, no national security architecture today that can assess the nature of cyber threats and respond to them effectively.
- India’s civilian institutions have their own fire-fighting agencies, and the armed forces have their own insulated platforms to counter cyber-attacks.
- Overall India needs an agency to supervise the cyber security aspects.
What could such an agency look like?
- The first requirement is to house it with permanent and semi-permanent staff that is technically proficient in cyber operations, both defensive and offensive.
- India faces a shortage of officers trained in creating and breaking encrypted platforms as well as using digital networks for intelligence gathering.
- Were such a National Cyber Security Agency (NCSA) to be created, it should have a functional “nucleus” or secretariat.
- The second requirement is to coordinate the agency’s policy functions and operations.
- The current cyber security policy, articulated in 2013 by the Ministry of Communications and Information Technology, is basically a statement of first principles.
- The NCSA should be guided by a document outlining India’s cyber strategy, much like its nuclear doctrine.
- India should not hesitate to build its offensive cyber capabilities.
- This would involve the development of software designed to intrude, intercept and exploit digital networks.
- The deployment of cyber weapons is not a low-cost affair, as the digital trail allows adversaries to track and possibly predict the development of future technologies.
- Nevertheless, a cyber-arsenal serves the key function of strategic deterrence.
- India’s cyber command should be the primary agency responsible for the creation and deployment of such weapons.
- A fully operational cyber command will take years to complete.
- It is the need of the hour, given that India’s digital capabilities lag significantly behind regional and global players.
- Whatever final form India’s cyber command takes, the government should do well to pursue the ultimate objective of a robust cyber security platform to fight digital intrusions.
Connecting the dots:
- Critically examine the need of a robust cyber security architecture for India to tackle the growing digital intrusions.
- Critically evaluate the provisions of National Cyber Security Policy 2013.
- The Aadhaar Revolution