There is clearly a need for India to have a national cyber security policy for a comprehensive response to digital threats, internal as well as external. Also, the government should find ways to involve the youth in the effort.Raj Chengappa
Call it serendipity, but after reading an account of how Edward Snowden blew the whistle on the US National Security Agency’s top secret worldwide snooping programme I happened to watch a re-run of the English movie “Live Free or Die Hard”.
Snowden exposed how the US NSA had a programme called Prism that gathered data about individuals and institutions from the world’s top technology companies, including social network sites. On the other hand, the movie featured Bruce Willis saving the US from a hi-tech attack against its critical computer infrastructure.
While the nature of the threats they highlighted were different, the core issue they revolved around was similar: individual privacy versus national security. US President Barack Obama, clearly disconcerted over the Snowden expose, said, “You can’t have a 100 per cent security and then also have 100 per cent privacy and zero inconvenience.” Obama said society must make the choice.
So should we live free or die hard? Or do both? Ever since we have all become electronically connected via computers and smart phones, questions and suspicions have been raised as to just how much of our interactions are being tapped either by the government or by hackers out to play mischief. While at the individual level the issue of privacy is paramount, at the national level it is a question of the country’s security.
The movie showed how a group of criminals took charge of vital computer infrastructure by hacking into the hubs that control traffic, power generation and even the financial services like stockmarkets and held the entire country hostage. They then caused stupendous traffic jams and accidents by manipulating the traffic lights, shut down power stations by hacking into the mainframes that controlled them and even began illegally transferring huge amounts of money by penetrating bank accounts.
If the movie appeared to be sci-fi, the truth is that reality is fast catching up. As individuals we have heard of complaints of how our credit card numbers and passwords are captured by hackers and then misused for Net purchases. At the national level, cyber security has become a major thrust of both the Central and state governments in the country. With the exponential growth of the use of Internet and cell phones in India , the need to have a secure information infrastructure has grown manifold.
Since 2004 India has, in fact, had a Computer Emergency Response Team (CERT-In) set up by the Department of Information and Technology of the Union Ministry of Communications and Information Technology. CERT-
1. In has a set of key missions that include collecting and analysing all cyber attacks,
2. taking emergency measures to tackle the threat and cooperating with government agencies, industries and academia to both educate them of the threats and assist them in securing their information networks.
It is good that India has been quick off the block to handle such threats, as is evident from the mounting number of cyber-attacks.
1. Cert-In reports that cyber attack incidents in India grew from 352 in 2006 to over 22,000 last year.
2. Virus attacks and malicious code propagation, malware as they are known in geek-speak, have grown too with over 3,000 attacks being reported in 2012.
3. Spam mail now ranks second in terms of cyber threats and all of us who own computers have been victim to this invasion.
4. Website defacements too are increasing and last year close to 25,000 websites complained of being targeted.
As the Snowden expose shows, the threat is not just from non-state hackers but also from foreign governments that are using all possible technical means to spy on rival countries apart from their own citizens.
While CERT-In has been doing a good job there is clearly a need for India to have a national cyber security policy that lays a road map for a comprehensive and collective response to deal with threats to cyber security from both internal and external sources.
The policy should lead to an effective capability for monitoring, deterring and dealing with cyber attacks and crimes apart from snooping by foreign governments.
The Union Government is planning to announce such a policy soon after consultation with key stakeholders, and when it comes it will not be a day too soon. Among the steps being taken by the Central government is the
1. setting up of a National Cyber Coordination Centre,
2. a National Critical Information Infrastructure Protection Centre;
3. and a Cyber Security Assurance and Certification Body.
These are significant measures to make the nation feel far more secure. Simultaneously, the government must ensure that there are safeguards in place to prevent misuse against the country’s own citizens.
Given that India has some of the top-ranking software companies in the world, it would make sense to involve them in a big way in the evolution of the policy apart from helping in setting up secure systems and building counters against cyber threats.
Also, with India ’s young taking to computers in a big way, it is important that the government finds ways to involve them in efforts to protect India from cyber threats and attacks and turn it into a national movement. It’s time to fight hard to live free.