File photo of an employee of Indian IT security solutions company Innefu Labs working at their offices in New Delhi, Dec. 13, 2016. In the darkened offices of a tech start-up, a handful of computer engineers sift through a mountain of intelligence data that would normally be the work of a small army of Indian security agents. (Sajjad Hussain/AFP/Getty Images)
A powerful American Senate panel has recently recommended that Pentagon should closely work with New Delhi in the cyber security domain, writes Siddharth Srivastava.
“The committee encourages the Department to work closely with India in the cyber domain at appropriate strategic, operational, and tactical levels,” the Senate Armed Services Committee said. Recognition by America about the need to work with India on cyber matters could not have been better timed. Over the recent years, India has been making definitive and successful efforts to guard against cyber-attacks, especially from hackers based in Pakistan. A recent UN cyber security index 2017 has placed India a healthy 23rd among 165 nations.
India ranks one spot higher than Germany, while China is nine spots below India. The Indian Computer Emergency Response Team (CERT-IN), that operates under the ministry of electronics and information technology, is the official agency that has done a fairly good job in dealing with cyber-security threats like hacking and phishing. But, there is plenty of work to be done.
In July, for instance, following a global cyberattack on the APM Maersk Terminal, New Delhi advised major ports in India to conduct a cyber audit in coordination with the National Cyber Security Coordinator. The move followed official confirmation that APM-Maersk Terminal at the Jawaharlal Nehru Port Trust near Mumbai was impacted by the latest malware attack.
Overall, incidents of cybercrime in India have risen over 100% in 2015 from 2014, CERT-IN has said. Over 27,000 cyber security incidents were reported in first six months of this year. Sachin Shridhar, co-founder Lucideus, a cutting edge cyber security firm and thought leader in the space, told this writer that India has reached middling levels of guarding its cyberspace due to growing awareness about the need to protect the online domain.
“The financial sector, government servers and in particular e-commerce websites, however, continue to be vulnerable. E-commerce is a big area of concern as it can lead to leakage of personal data such as credit cards that can be misused,” Shridhar said. Echoing some of Shridhar’s concerns, experts from Russian cyber security firm Kaspersky Lab recently warned that India has caught the attention of hackers and a series of cyberattacks could soon adversely impact the country.
“India’s growing economy and digitalization are really a big concern as cyber attackers have now begun focusing on developing countries with big populations and average incomes,” Eugene Kaspersky, CEO of Kaspersky Lab, said at a conference in Singapore recently. Jagdeep Luthra, a well-respected independent digital consultant who has worked closely with top private entities told this writer that India’s paradigm on cybersecurity has an embedded fixation on plans, budgets and allocations with no real action at the ground level.
“Security is still seen in India as password centric without any strategic interventions to tackle vulnerability. It is viewed as just another layer to transact hassle-free without being embedded through design as an integral part of the system,” Luthra said. For most government departments, ‘Digital India’ means storing data in Excel files and uploading them on their websites for all to see or download in the name of transparency, added Luthra. A recent study by IIT Kanpur echoes Luthra’s views.
Demonetization and the digitization push has escalated cybercrime risks due to which India needs to set up a cybersecurity commission like the Atomic Energy and Space Commissions, the study said. Cybersecurity frameworks like CERT-IN are inadequate due to lack of inter-disciplinary and government-private sector partnerships. Advanced countries such as the U.S. can play a pivotal role to help India, the study advised.
Threat from China
Concerns that India should do more to protect its cyberspace have mounted following the Doklam standoff with China. More than the possibility of a military conflict between the two Asian giants is India’s vulnerability to vicious cyberattacks by skilled state-backed Chinese hackers, that Beijing can officially deny as an improbability. As per evidence, China is far ahead of India in cyber warfare capabilities, with ability to paralyze operations in crucial banking, finance, telecom and other sectors.
“India follows a more passive and defensive approach to cybersecurity aimed at protection; China is aggressive and pro-active and has a state-backed counter cyberattack strategy that has been in place for many years,” said Shridhar. “This makes India much more exposed to possible Chinese infringements over the cyber space than the other way around,” he added.
Indeed, such has been the threat of China-based hackers that western nations including the U.S., UK and Australia have been discussing the matter with Beijing at the highest levels.
In September 2015, when Barack Obama hosted Chinese President Xi Jinping, the two countries reached an agreement on cybersecurity setting aside years of skepticism and suspicion.
The jury is still out on the impact of the cyber deal in diluting Chinese-backed hacker activities. Given such contexts, New Delhi could do well to utilize its deepening business and strategic equations with Washington to reinforce its cyber preparedness.