“Cyber will soon be revealed to be the biggest revolution in warfare, more than gunpowder and air power utilisation in the last century.” – Lieutenant General Aviv Kochavi
In a welcoming step, the government of India introduced its first Cyber Security Policy in 2013. Under the policy, it outlined the principles on which India can approach cybersecurity strategies. Then onwards, India has witnessed rapid digitisation across all the sectors.
At present, cybersecurity experts from all over the country are demanding an updated Cyber Security Policy. A policy that does a lot more than merely defining and outlining the principles, objectives and strategies.
In July 2017, an IIT Kanpur submitted a report on cybersecurity to the Parliament. As per the report, “The danger of cybercrime is looming large on the defence, education and telecom sectors. Around 164 government websites were hacked in 2015.”
With the recent changes in the paradigm of handling the cross-border terrorism, India is more prone to cyber threats as the hostile neighbours can’t even think of going for a conventional war. National Association of Software and Services Companies (NASSCOM), Netherland called India as one of the nations which is most vulnerable to cyber-attacks in the world.
In December 2016, the Home Ministry indicated that mobile apps such as ‘vdjunky’ (video app) ‘mpjunkie’ (music app), ‘Top Gun’ (game app), and ‘Talking Frog’ (entertainment app) were spying on Indian security forces for the Pakistani intelligence agencies. Earlier in 2016, Play Store removed ‘SmeshApp’ from its list on the charges of being used by ISI to spy on Indian Army. On the other hand, Chinese malware also poses a challenge to cyber health of India.
The main challenge at the national level is an absence of the institutional architecture for Cyber Security. To deal with it, the Modi government created a new post of Cyber Security Advisor under the office of the Prime Minister. Cyber Security Advisor is also the ex-officio head of the National Cyber Coordination Centre. Several cyber experts suggest that the government should proactively work towards the direction of creating a robust institutional framework to ensure the digital safety of the nation. Several experts believe that institutionalising the area of cybersecurity is the first and foremost thing which should be done as soon as possible.
The task of institutionalising cybersecurity in India is not an easy job. There are multiple stakeholders in cyber policy within the Indian government, ranging from Ministry of Electronics & Information Technology, the Ministry of Home Affairs through its oversight of investigative authorities, National Critical Infrastructure Information Protection Centre and the National Cyber Coordination Centre. With such a fragmented system, there might be difficulty in forming a consensus on the next national Cyber Security Policy.
Another issue to institutionalise cybersecurity is the lack of trained workforce. The 2013 Policy outlined a vision “To create a workforce of 500,000 professionals skilled in cybersecurity in the next 5 years through capacity building, skill development and training.” According to a 2017 report, there are only 50,000 such skilled professionals, which is only 10% of the aspired number. An Updated policy should outline specific guidelines for training and recruiting the aspired number of such people within a particular period of time.
Keeping in mind the private sector’s cybersecurity needs, the policy tried to address the need for establishing the public-private partnership. The policy called “To develop effective public-private partnerships and collaborative engagements through technical and operational cooperation and contribution for enhancing the security of cyberspace.” However, little has been done on the part of the government to align itself with the private sector. Addressing the public-private partnership should be at the heart of the updated Cyber Security Policy.
Another critical area of cybersecurity development is enhancing military-civil cyber collaboration. Several leading strategic and intelligence, defence and cybersecurity experts have advocated taking urgent steps to upgrade India’s cybersecurity standards. In that direction, the National Cyber Coordination Centre was established by the government, operational since August 2017. Besides, the updated policy should go beyond the vision of the 2013 policy and focus on creating a mechanism for greater civil-military cyber collaboration.
India has witnessed rapid cyber transformation since 2013. With the increasing military incompetence of the hostile neighbours, the only viable space they can try to challenge the sovereignty of India is by crossing the international boundaries through cyber warfare.
India is known for producing one of the finest crops when it comes to information technology experts. The government only needs to provide a healthy environment, although minute, our world-class cybersecurity experts by themselves will create safe and secure cyberspace without any potential cyber threat.