VAR Panchayat

Building India’s Cyber Security Framework

by VARINDIA 2017-03-18

The government and private sector should work together to give cyber security not only verbal enhancement but also back it up with their long-term security and risk management plans

India is currently ranked fourth in the world, according to a 2016 leading cyber entity report pertaining to largescale cyber-attacks. On 23rd August, 2016, there were just over 390,000 cyberattacks against India that were reported in the documented open-source arenas. Based on this extremely disturbing fact, one must also ask how to rate the current cybersecurity infrastructure in India and how can it be strengthened?

The cyber-attacks cannot be prevented by the simple security services in isolation. Vulnerability or threat is an extremely misplaced and broad term in the case of cyber-attacks as technology is changing every day. The defence of cyberspace necessarily involves the forging of effective partnerships between public organizations charged with ensuring the security of cyberspace and those who manage the use of such space like government agencies, banks, critical and strategic infrastructures, manufacturing and service enterprises in industry and individuals.

India has all the right reasons to be extremely vulnerable as there is no real cyber awareness education, teaching or training for the vast majority of India’s 1.25 billion population.

All of the government and the larger private-sector players give cybersecurity a verbal enhancement but not a real priority in their long-term security and risk management plans. There is, however, certain consensus and understanding between the government and private sector that the only way to build a solid platform and cyber secure framework is to work together and implement this jointly, as was done in an extremely successful IT initiative several years back. In essence, there is a real sense of false security being created but no real understanding among the population that a massive cyberattack could really shut down or worse

take control of critical and strategic infrastructures such as power plants, airports, hospitals and indeed the media infrastructure, wreaking mass havoc and casualties to human lives and property just as a massive terror attack or a largescale bombing could.

In asking what immediate precautionary measures must India take to ensure cybersecurity and continuous overall security, especially when we have migrated to a system where all individual data is available online and territorial borders are only coloured lines on a map, one should divide the threats into private sector, including the average individual, corporate and then government.

Cyber awareness education and training are paramount and of vital importance. Cyber defensive technologies are essential and preemptive proactive awareness is critical.

Without basic awareness of all risk spheres and sectors and understanding the critically real dangers from the ground up, the building of India's cybersecurity framework will be all but lost.

The government, for example, may take years to purchase a new technology that will assist without delay, but by the time the procurement process is authorized, new attacks and threats become evident and the cycle simply becomes a vicious one.

In appreciating that Israel is dubbed a cyber powerhouse, one must understand that the challenges and ongoing array of “defending against attack” experience Israel faces hourly, and this has been for as long as the State of Israel has been independent, have created an awareness and understanding that society must be predicative, proactive and indeed vigilant in defending itself and with government backing. Hence, the result is a full understanding that cyber defence alongside physical security is, indeed,

the future and knowing the threats and the enemy is critical and vital to survival and continuity. There is no room for complacency in the Israeli society.

"The best defence is a good offence" is an adage that has been applied to many fields of endeavour, including games and military combat. It is also known as the Strategic Offensive principle of war. Generally, the idea is that proactivity (a strong offensive action) instead of a passive attitude will preoccupy the opposition and ultimately hinder its ability to mount an opposing counterattack, leading to a strategic advantage.

In developing and improving the cybersecurity infrastructure of India, one must realize that after government, banks and the private sector are, indeed, the most favoured for cyber-attacks. Awareness, education, training, the right technology and the sharing of intellectual knowledge are all essential in order to ensure that by cooperative measures we can all succeed in delivering the tools to detect, delay and eventually deter the threats.

Envisioning India’s cybersecurity framework, India could possibly gain by replicating definite elements of Israel’s cybersecurity ecosystem, and adapt, in accordance with its respective needs. Israel’s cybersecurity domain is extremely security-aware and constantly evolves as cyber-threats evolve. A recent change affecting Israel’s cybersecurity ecosystem promotes participation by numerous actors via infusing a mélange of the governmental sector, leading corporate companies and academia.