The VIF held a Round Table Discussion on 18 Sep 2014 to examine the national perspective of cyber security in terms of social, economic, political and military dimensions. The panel of discussants, comprising a select group of professionals including Mr Chandrashekhar, President NASSCOM, Mr Kiran Karnik, former President NASSCOM, Dr Gulshan Rai, Director General CERT-In, Dr Kamlesh Bajaj, CEO, Data Security Council of India (DSCI), Dr Prem Chand, Lt Gen (Retd) Davinder Kumar, Cdr (Retd) Mukesh Saini and Mr Loknath Behra, among others, discussed India’s lackadaisical cyber defence capabilities and the various remedial measures needed to bring it at par with the developed nations.
The team comprehensively dealt with issues such as threat landscape in the cyber domain including the social media, cyber security as a strategic enabler, reviewing and rebooting India’s National Cyber Security Policy (NCSP) and building eco system to enhance and operationalise it, road blocks preventing India to build a robust cyber security capability, and major strategic initiatives. The conference extended over five sessions in a single day, with a session each devoted to Environmental Scan & National Cyber Security Policy (NCSP), Building Comprehensive Capabilities, Protection and Assurance, Cyber Warfare, and Enablers.
In his opening remarks, General (Retd) NC Vij, Director VIF, reiterated that in order to safeguard our vital national interests, it is imperative to invest in security capabilities. Security is often viewed as a bottomless pit to sink more and more money even as threat perception increases. Such a perception however needs to be changed. India needs to build contemporary security capability not only to protect its vital national interests but also to be in league with the developed nations. Pointing to the inadequacies in the current NCSP, General Vij stressed on the need to address issues such as organization structure, military dimension and responsibility. He also underscored the need to build and position security capability as a strategic asset where our workforce, facilities and know how can constitute a global sourcing hub for the rest of the world to build next generation security technologies and solutions.
The keynote address by India’s present Deputy NSA, Dr Arvind Gupta highlighted the rapidly changing dynamic of cyber security and its growing linkages with conventional threats including the nuclear threats. He particularly dwelt on the missing international norms to govern the cyber space which make it even more difficult to conceptualize a proper response to those threats. He also stressed on Transparency and Confidence Building Measures (CBMs) among key international players. Dr Gupta also touched upon the initiatives taken up for cyber security architecture including those in the pipeline.
With Mr R Chandrashekhar in the chair and also as a panelist, the opening session carried out a comprehensive review of the NCSP, touching upon aspects such as organization, structure, regulatory and policy framework at national and state levels for synergy and operationalisation of NCSP. It is paradoxical that despite India being highly developed in Information Technology, sharing almost 52 percent of the global IT market, the country remains vulnerable in the cyber domain. Part of the reason for this sorry state of affairs is because most of the underlying equipment and technologies are not produced in India. Mr Chandrashekhar also elaborated upon the issue of internet governance and the efforts underway in some countries to balkanise the internet. He felt that given India’s expanding influence in the global IT industry, the country is uniquely placed to leverage its strength in the strategic space. Mr. Gulshan Rai, another panelist, spoke on the framework for awareness, incident reporting, compliance, monitoring, enforcement, incentives and penalties.
Mr. Hemal Patel, in the second session, discussed the roadmap for development of indigenious software, operationalisation of technologies for cyber security and vulnerability assessment, semiconductors, electronic products and manufacturing infrastructure as envisaged in the National Policy on Electronics, while Dr Prem Chand gave a detailed presentation on the plan and methodology for the establishment of R&D facilities, testing laboratories, centres of excellence and training infrastructure. He also presented a roadmap for skill development of cyber security personnel, tackling crime, cyber leadership and measures to ensure retention. Dr Chand said that the need to sensitize or reenergize our national efforts is felt strongly because cyber threats to India’s security have outpaced our national efforts in capacity building. In this effort, the NCSP should serve as a baseline.
The third session, chaired by Dr Kamlesh Bajaj, CEO of the Data Security Council of India, squarely focused on protection and assurance. This session was represented by three speakers, Mr Lucius Lobo, Mr R Guha, and Mr Balaji Venketeshwar. Mr Lobo remarked that while the dividing line between civilian threats and military threats is getting increasingly blurred in the cyber space, civilian security should be made as strong as the military security. He also flagged the industry’s concerns vis-à-vis financial fraud and other crimes committed by cyber criminals and organized gangs that are active in the cyber space. Dwelling on how India can push forward its agenda of ‘Make in India’, Mr Guha underlined the need to develop indigenious standards and frameworks. We are still probably not catching up with the latest trend so far as common criteria is concerned, and we stills seem to be talking about the previous version of common criteria. The last speaker in this session, Mr Balaji Venketeshwar spoke on the management of social networks and the balance between privacy and security. Discussing social media as a potential weapon for waging cyber war, he said we need to predictive rather than reactive to the misuse of social media.
The fourth session, chaired by Lt Gen (Retd) Davinder Singh, former Signal Officer-in-Chief (Indian Army), comprehensively dealt with the issue of military dimensions of cyber domain, an increasing phenomenon to incorporate cyber capabilities in the warfare doctrines across the world, especially at a time when it is feared that cyber weapons over the next decade or so would have the potential to cause mass destruction similar to the nuclear weapons. The session had three specialists on the panel. While Lt Gen (Retd) Aditya Singh, a former member of the National Security Advisory Board, made an elaborate presentation on Indian Cyber Command – Doctrine, Definition, Organization and Structure, Mr Sundeep Oberoi, Head Enterprise Security and Cdr (Retd) Mukesh Saini, former Head of National Information Security Cell, respectively touched upon Training and Development of Cyber Warriors and R&D for Cyber Weapons, and Counter Intelligence and Protection from Cyber Espionage. The discussions widely covered the role of state and non-state actors at both ends of the spectrum, as also the public-private partnership in developing robust cyber warfare capabilities for India. The approaches by different countries towards cyber warfare were examined, and policy recommendations included inter alia new structures, better structural coordination and sprucing up legislation and time-bound execution of policies.
The fifth and final session discussed the role and scope of enablers such as legal and regulatory framework, internet governance and international cooperation, incentives and sustainability, eco system, cyber forensics, law enforcement, and cyber leadership. With Air Marshal (Retd) Kishan Nowhar, former Chief of Air Staff in the chair, three other specialists represented the panel – Mr Vakul Sharma, a practicing Supreme Court lawyer, Dr Kamlesh Bajaj, founding Director of CERT-In, and Mr Loknath Behra, a cyber-forensic expert and founding member of India’s premier National Investigation Agency (NIA).
While the conference succeeded in bringing out a number of useful recommendations which could be incorporated in the action plan, it also reinforced the view that India has already lost enough time and opportunity in building a credible deterrence against emergent cyber threats. It is therefore imperative that the country needs to move with even greater speed and urgency to recover lost grounds and catch up with the developed world. The aim should be to converge, harmonize and seamlessly align all stakeholders towards an action plan, spelt out with predictable milestones so that the national leadership can make commitments and bring in responsibility and accountability metrics so as to secure India’s cyber space.