It began as a research project in the early 70s, when a computer program was designed to move across networks leaving its trail behind. Subsequently, another program was designed to track and delete such creepers, and this gave the very first peek into cyber security checks. Over the years, size and performance, made it possible for computers to integrate into human society. With large scale interactions came security risks. The preamble of India’s National Cyber Security Policy 2013, defines cyberspace as ” a complex environment consisting of interactions between people, software and services, supported by worldwide distribution of information and communication technology (ICT) devices and networks”. Though it simply relates to or involves computer systems and it’s network, there is only a manageable definition of cyberspace, as a concrete one is yet to be suggested . Although a lot has been written on cyberspace, there is scope for more in-depth, critical and analytical research, to provide evidence for policy making. The sphere of the cyber domain can be analysed by looking at the extent of technological dependence the government has in order to provide tech-led services, to people and in turn the number of people connecting through such public-sector services. These interactions encompass almost two-thirds of the population. It also involves private enterprises which provide services and access. This multi-layered interactive structure which is deeply embedded into society, may be called a cyber domain and is just a part of a larger space that is yet to be accounted for whose dominion extends beyond earth to even space.
Threats and Challenges
The recent past has seen a large scale surge in cyber intrusions and attacks threatening infrastructures such as banking, energy, education institutions, health care, defense, transportation, government facilities, ITs, etc. More often than not banking and financial institutions stand at high risk. Disruptions in the form of stealing credentials, denial of services, skimming credit cards are common. Such damage in cyberspace is not a new phenomenon, but has evolved in its sophistication since the beginning of the twenty-first century. The threat perceptions include among others, malware, ransom-ware to an advanced trojan that could cause severe damage financially and technically. In terms of national security, the emergence of cyber warfare seems to be more challenging than conventional warfare as it is almost impossible to detect the enemy’s nature.
In any case, the enemy is either a motivated individual, or a group of criminals acting on behalf of state or non-state actors. According to security software firm Symantec, India ranks among the top five countries along with the US and China in terms of number of cyber threats and targeted attacks. According to ASSOCHAM- PwC report, 2019, the number of smartphone users in India will double to 859 million by 2022 from 468 million users in 2017, growing at a CAGR of 12.9%. As numbers of users grow, so does the security threat. Insecure features and mismanagement will invite unexpected threats. Since, the rate of obsolescence of technology is not known yet, with every new technology comes a new problem. There are no definitive solutions to tackle existing problems and the door of threat perception always remains open. This may go on unless there is certainty to technological evolutionary obsolescence1.
Security challenges can be identified at various levels. The operating system, applications, and system software rely heavily on hardware constituents. Therefore, there is greater possibility to sneak in a leak or leave a backdoor through Radio Frequency Identification (RFID) boards, eventually allowing the external actor to have access to the user’s system when manufacturing a hardware component. Again, foolproof operating systems and application software cannot be expected from the vendor if there are malicious intentions like misusing data etc.
A large scale physical infrastructure is controlled and managed by cyber assets in the form of an array of computers, data centers, servers, networking components, and a host of equipments run on the internet. Since each of these platforms is intertwined, an inattentive step or failure in recognising the malicious content in the system could cause enormous physical and economical damages that may render the whole infrastructure useless. So it becomes critical to have proper coordination among cyber assets.
On observing the global landscape, it is seen that not many countries have robust cyber security policies. However, the United States of America and European Union have adopted a multi-layered cyber security strategy. The thrust area for the EU has been in preserving open and free cyberspace and upholding European values, whereas the US aims to protect its sovereignty and citizens while advancing its influence globally. India can adopt a similar strategy and simultaneously lead in cyber diplomacy through building norms. The Indian National cybersecurity policy 2013, provides robust ideas in assessing and handling threats. In its vision statement, it aspires ‘to build a secure and resilient cyberspace for its citizens, businesses, and government’. As much as the government would like to take the initiative in leading and assuring that cyberspace is best protected, it realises the shortcomings. A regulatory framework from system to a network protocol that dictates the functioning of cyberspace with a layer of governance in between the service provider and user is required.
Since, the government does not have expertise and manpower to either regulate or manage cyber security, it needs to collaborate with private corporations through the PPP model to bridge this gap. Investing in R&D and training next generation cyber security experts in academic institutions is essential. Constituting a Computer Emergency Response Team (CERT) at the state level, and encouraging states to formulate state oriented cyber security policies should be thought of while creating critical information & infrastructure protection centres at state and central level, with a mandate to act independently. State of art Data Centres, e-storages, indigenous manufacturing of e-components and regular cyber audits must be conducted. A dedicated para cyber force or e-force to act independently of a regular force along with accountability, assessment and coordination among service providers and security agencies must be set up.
With the future of technology in India looking bright under Industrial Revolution 4.0, there is a need for a strong framework that can tackle all cyber security challenges. Much hope has been generated with the Indian Government proactively taking the step towards the process of formulating the National Cyber Security Strategy 2020, under the aegis of the National Security Council Secretariat. . It would be interesting to see how it addresses its previous lacunae and lays the road for a robust and secure cyberspace in India.
- Ford, Simon. (2010). Technological obsolescence: Insights from the PC industry. 10.13140/RG.2.1.2118.6162.