DSC_5862.JPG

The ‘Homeland Security Conference 2019 on ‘Innovation led Cyber Security Management’ was the 3rd edition, jointly organised by the Vivekananda International Foundation (VIF), and the FICCI (Federation of Indian Chambers of Commerce and Industry) on 22-23 August 2019, in New Delhi. At the conference, the officials from the Indian government, industry experts, academicians, and researchers from various organisations were together to give a powerful discussion with through process on the effective management of cyber-crime and cyber security in India.

There has been much contemplation on the development of new technologies and their role in the progress of our societies. It is widely observed that when a nation is on progress path with new technologies. The security aspect has been the least considered component during the development of these technologies. Emphasising on the ‘double-edged sword’ nature of the technologies, Dr Arvind Gupta, Director, VIF, points out that any technology can either be used or abused. For the same reason, a simultaneous overhaul of the criminal justice system also needs to take place with inclusion of both psychological and legal inputs. There is a need for us to switch into the ‘mission’ mode and work towards the management of the cyber-space.

Lt Gen (Dr) Rajesh Pant (Retd), National Cyber Security Coordinator at the NSCS (National Security Council Secretariat), has understood cyber security in the form of a ‘dumbbell’ with the perpetrator and the victim on both ends, having connected by a ‘cyber-channel’ like the Internet. The most challenging part of a cyber-crime is the attribution of the incident because of the omnipresence of whole cyber mafia globally. He ensures that the India’s ‘Cyber Security Strategy 2020’ will be more focused on a whole range of solutions, including technical, procedural, legal, to tackle all aspects of cyber-crimes in future.

Shri Vidhur Gupta from the Ernst & Young (EY) emphasised on the importance of predictive policing in the present security scenario. A shift from reactionary measures to proactive measures is an imperative to manage the critical domain of the cyber security. The mass campaigns at the national level through digital platforms would serve as an effective mean to spread the awareness. To meet the purpose, there is an urgency for the Law Enforcement Agencies (LEAs) and the industry to come together on the same platform. Now is the time for India to draft a roadmap of the effective cyber security management.

Cyber Terrorists on Exploiting Technologies

Chairing the session, Maj Gen Ajeet Bajpai (Retd), made observations on the both parties involved in the act of cyber-crime. Especially, the cyber-terrorists are mostly either politically or ideologically motivated. Even as they target the Government and the Critical Infrastructure, it is through the exploitation of same technology which is available with the State. Therefore, irrespective of the challenging nature of the situation, it can be managed appropriately. Shri Rajan Luthra, Co-Chair of the FICCI’s Homeland Security division, put forwarded the challenge in cyber-security which is defined by the type of adversary. In cyber domain, the classifications of the perpetrator vary from being a petty criminal to an organised mafia, to a terrorist, and further advancement to be a State actor. On the Dark-Web environment, the core capabilities are available at same ease for everyone. This hints to the possibility of a ‘cyber-war’ in coming time. The power outages that have occurred globally in the past 45 days (in July-August), including in Caracas, New York, London, and Jakarta, does paint the picture of an element of cyber-terrorism/cyber-war. To counter it, States need to prepare its defence mechanism at faster pace.

Most critical of these threats would be an attack from ‘inside’. The supply chains in cyber-crime management are the weakest links for the dependency it exerts on the OEMs (Original Equipment Manufacturer), therefore, it is required to have synchronised efforts towards setting of baseline standards that establish the access of the OEMs to our computer/information systems. There is a need for every individual to understand the role and become a cyber-sentinel. With an idea to protect data at real-time environment, we must indulge in real-time monitoring and early warning systems. Giving a situation on Machine Learning-led recognition tools, Shri Atul Rai, CEO of Staqu Technologies has indicated that the human accuracy to certain extent in detection mechanisms is low. This gap could be covered with the introduction of Machine Learning-led face recognition tools. However, a mere change in a few pixels can mislead the machine and could already led to attacks. The security solutions that has been designed by the industry must train the machine with an image and a counter-image simultaneously for an effective mechanism.

Next Generation Cyber Technologies for Homeland Security

Addressing the session, Lt Gen Davinder Kumar (Retd) called upon the serious threat of the ‘digital insurgency’ feeding the means of radicalisation in the present context. In the cyber security ambit, people are the weakest link and there is need to provide right training which in-turn embolden our security measures. With the upcoming technologies and converging complexities of it, the cyber security demands an ideal change of the environment. The cyber security framework can be designed either by learning on the job or lessons can be drawn from the simulated platforms. In 2013, the Israel Defence Force (IDF) has established the cyber stimulators in their cyber academy to train the professionals in the cyber security domain. Such practices must be introduced in our country too.

Big Data for Intelligence and Security

Addressing the importance of data, Shri S M Sahai, Additional Secretary at the NSCS opened the discussion by mentioning the importance of data in policing. It is a game changer, perhaps more important than oil itself, since the same data can be used repetitively unlike oil and similar resources. In this need of the hour, the industry shall reach out and join the Law Enforcement Agencies, keeping in mind their requirements. Technologies like Artificial Intelligence (AI) can be effectively used in decision making including inputs from variety of sources. Technology intervention is of importance as modus operandi of the crime has become more and more innovative.

Shri Kuldeep Bhatnagar, IT Advisor to the Environment Agency in the Govt. of Abu Dhabi, underlined the profits made from cyber-crimes which out value even illegal drug trade across the globe. According to a statistic given by him, the numbers of data breaches have gone down overall but have especially surged in the health and other critical sectors. With its inception in 2012, Ransomware attacks have risen by 500% percent. All the user data obtained from the breaches, is available for sale on Dark Web environment. Even though, in general perception, China is leading the table with respect to the origins of cyber-attacks, the United States (US) ranks on top in origins as well as effect of cyber-attacks.

Fake news and its Impact on National Security

There is a clear consensus on the security threat emerging from the fake news industry in the country, especially from the neighbouring state - Pakistan. At present, fake news has become an instrument of aggression by several State and non-State actors, for respective gains. As elaborated by Smt Shruti Pandalai, Researcher at the Institute for Defence Studies and Analyses (IDSA), fake news has acquired the ability to cause social and communal upheaval. The war is being fought in the mind-space in the so called ‘post-truth’ era where opinions weigh more than the truth itself. Although such propaganda also formed a scenarios similar to the cold-war era, at present fake news is leading to proxy warfare, information warfare and online radicalisation to an extent. India is affected by cases of communal violence instigated by such means. A report by BBC depicted that 37 percent of people in India believe on the fake news in circulation.

These are disinformation and misinformation campaigns being run on the social media platforms with no gatekeepers to keep watch. Another research date from the Pew Research Centre (US) has acknowledged that the social media tends to be more reliable that print media. A whole society approach is the only possible way out of it, as suggested by Smt Pandalai, which includes social consciousness and legal remedies, as implemented by Singapore. The circulation of fake news can only be contain through the appropriate training of the people against such campaigns, along with spreading the awareness in the whole society.

Conclusion

Big Data is growing at an exponential rate. Around 97 percent of organisations around the world are investing in AI and Big Data. Out of the whole volume of data, 40 percent goes up to the Cloud services. The rise in volume of un-structured data from the IoT (Internet of Things), the social media and other sources, is another critical issue that requires immediate address. Although the data protection through AI tools may lead to the vulnerability for the attackers. Hence, the phenomenon of the cyber governance is a critical and important component of the National Security Strategy. The government and industry must constantly and jointly address the new vulnerabilities, threats and risks to secure the information systems on a real-time basis. The training and awareness on the latest-trends of the cyber security and cyber-crime investigation shall be provided to the Law Enforcement Agency officials to tackle the cyber-crime effectively. There shall be a verification process mechanism for social-media and mobile networking applications, which warns the citizens and make them aware of the implications of fake news.