India: Stepping Up to the Cyber Challenges
On April 20, 2011 in New Delhi, the EastWest Institute and the Federation of Indian Chambers of Commerce and Industry co-hosted a seminar entitled “India and the United States–Pathways to International Collaboration on Cybersecurity.” Senior private sector and government representatives emphasized the need for India to intensify its focus on cybersecurity issues—and to promote more international cooperation. According to Latha Reddy, the Deputy National Security Advisor of India, the government is already doing exactly that. “India believes that access to Air, Sea, Space and Cyberspace domains are vital for security and economic prosperity of all nations,” she told participants. “We have launched dialogue with international partners to work together to develop a shared vision for these critical domains to promote peace, development and security.”
While the Indian government is clearly trying to demonstrate its commitment to working with other countries on cybersecurity, the fast-paced digitalization of the subcontinent is producing new problems—most notably, a sharp rise in cyber attacks and cyber crime. Along with the United States, India now ranks as one of the top five contributors to spam internationally. Since spam often carries malicious code, this is a matter of major concern—and many cyber experts fear that India’s spam production will rise dramatically in the near future.
One of the greatest challenges is how to provide tutorials and antivirus software for computer maintenance in each of India’s multiple main languages. Reddy cited the lack of consumer awareness as a major factor in the country’s increasing problems with botnets, which can threaten economic development. Botnet operators understand the vulnerabilities of the country’s rapidly developing regions and target them. As a result, India already ranks first in the world with the most botted hosts (around 16 %). Reddy appealed to other countries to share best practices in this area, and urged the development of a more efficient cyber incident response mechanism to potentially catastrophic cyber attacks.
Digitalization has been a key ingredient in India’s spectacular economic rise over the last two decades, but the public sector is still struggling to implement a comprehensive approach to cybersecurity, despite the publication of a first draft of a national cyberspace policy in April 2011. And cooperation and partnerships between the private and public sectors on cybersecurity are still in their infancies. On the international level, India is now involved in a number of international forums such as the United Nations Group of Governmental Experts, the Council for Security Cooperation in the Asia-Pacific, and the UN Commission on crime prevention and criminal justice.
“There is a tremendous opportunity to leapfrog many of the problems we face in cybersecurity through increased international cooperation,” said Shri R. Chandrasekhar, Secretary of the Department of Telecommunications within the Ministry of Communications and Information Technology. “There is a great risk that the openness and inclusiveness of the international economic system might soon be a thing of the past if we do not find ways to reduce uncertainty.”
The relationship of two cyber superpowers, the United States and India, is of pivotal importance. Mary Tarnowka, Deputy Counselor for Economic Affairs and Environment, Science, and Technology from the U.S. Embassy in Delhi, listed some of the initiatives where India and the United States are currently collaborating in the field of cybersecurity. They include a joint study of the U.S. Federal Information Security Management Act by the U.S. National Institute of Standards and Technology and the Indian Department of Information Technology: the U.S.-India Information and Communications Technology dialogue focused on increasing economic growth, trade, and investment in the ICT sector; and the U.S.-India Trade Policy Forum, which seeks to enhance trade in ICT services and goods while also addressing related cybersecurity issues.
The second part of the EWI-FICCI seminar focused on the reliability of the global undersea cable critical infrastructure and finding better solutions for timely undersea cable repairs for enhancing network availability. Undersea cables carry over 95 percent of the world’s telecommunications and internet traffic, critical to commerce. The Indian National Security Council has tasked the EastWest Institute to further explore this critical issue with its Indian partners—the Federation of Indian Chambers of Commerce and Industry (FICCI), the National Association of Software and Services Companies (NASSCOM), and the Data Security Council of India (DSCI). This is part of a broader push to implement the recommendations of the 2010 IEEE-EWI Report on the Reliability of Global Undersea Communications Cable Infrastructure (ROGUCCI). A representative of the International Cable Protection Committee (ICPC), which has taken the lead in implementing several of the recommendations, also participated in this session.
“India is rapidly becoming one of the most critical players in the global cybersecurity arena,” concluded EastWest Institute President John Mroz. “EWI is particularly pleased to be able to facilitate highly productive sessions such as this where representatives from both the private and the public sectors can work closely with their counterparts in the United States and elsewhere to promote best practices on cybersecurity.”