10 Cyber Policy Expectations from the Indian Government
Srinivasan Sriram, co-founder, iValue InfoSolutions, states it’s time for the new government to build a holistic cyber policy and establish cyber defense organizations in order to lead the country into a safe, secure, and resilient digital future.
India Inc., both Government and Private entities have been steadily migrating to DIGITAL world. During the last few years most Government to Business and Government to Citizen Services have moved to internet and mobile. With Digital focus and drive, we expect ALL G2B and G2C services to be online very soon. Business across size and vertical are already at various stages of Digital transformation for their entity leveraging technologies such as hybrid cloud models, Big data analytics, IoT, ML & AI, social media leverage, etc… to enhance relevance and build scale for growth. Aadhar is leveraged by central and state Governments for direct benefit transfer under the social schemes covering crores of citizens, digitally. Intend is leveraging digital means to avoid human interface at all Government touch points with an objective to enhance transparency, cut delays and avoid corruption.
Along with the numerous benefits of Digital world come the numerous risks, and we are seeing incidence of compromise growing geometrically. In an always connected world driven by smartphones, the risk posed to privacy, identity and financial assets are growing with every minute. The awareness levels being considerably low, the dark world is taking advantage by exploiting them for financial gains at both individual and business entity level, from all across the world.
The threat to our critical infrastructure with more being Digital in nature is looming dangerously and can bring the country to its knees if not managed proactively with all the might available to stay ahead. Over the years we have seen consistent enhancement of budget and capabilities to physical defense area covering Army, Navy and Air Force. We continue to see sporadic incidences where they are called upon to thwart any risk to our country and its boundaries.
The threat on the Digital space is relentlessly happening every second and is the new way of war in real time aimed at both government and its citizens and the business along with critical infrastructure. We need to dramatically change our priorities and perception of this new cyber threat which needs more attention, priority and budgets as compared to defense budgets and priorities. Over the recent past, we did see lot of focus and priority in the Cyber security front, though the situation on ground calls for a transformational approach to combine multiple agencies to come under one umbrella for real time monitoring of threats, proactive offence to mitigate and protect, gathering of intelligence across physical and cyberspace with a quick reaction capabilities to ward off threats at its bud before it can cause any damage.
Given the above context, it’s time for the new government to build a holistic cyber policy and establish cyber defense organizations in order to lead the country into a safe, secure, and resilient digital future. The corporate world is optimistic that NDA 2.0 will address their concerns and partner with them to fuel growth of the economy and create jobs.
Time to Build Upon the Foundation
Information Technology is one sector that the prime minister himself has been a big advocate of and on numerous occasions, has impressed upon the need to leverage technology for the country’s growth. While there have been notable initiatives to push the use of technology during his first tenure, there is still a long road to cover in order to truly realize the potential of technology in a country which is as diverse as India. I feel a beginning has been made and now is the time to build upon this foundation to create a holistic cyber policy. I present here my expectations from and some suggestions for Modi-led government that I believe can place India in the highest echelons of cyber leadership, globally.
- Amend and Update the IT Act 2000 (Cyber Law): An absolute first step towards building a holistic cyber defense strategy is the amendment of the IT Act 2000, commonly known as the Cyber Law. Much water has flown under the bridge since the Act came into existence and there is a pressing need to update the Act. Some of the provisions have become redundant and cannot address the issues arising from the evolving threats. Such provisions must be suitably amended to keep in step with an ever-evolving cyber landscape.
- Enact the Data Protection Law: We are now living in a digital-first world with people spending significant amount of time online. Increasingly people are shopping, banking, and entertaining online, which requires them to share their personal information—phone number, address, credit card details, and so forth. As a result, there’s a large volume of personally identifiable customer data easily available on the internet. This makes both people and businesses vulnerable to cyber-attacks. To protect people from exposure to potential cyber-crimes, the government must look to enact data protection laws on the lines of European Union’s General Data Protection Regulation (GDPR), making it the responsibility of the businesses to ensure privacy and protection of their customer data.
- Online Gaming Regulator: Online gaming is a booming industry globally with revenues expected to exceed $180 billion in 2021. The increased use of smartphones is further driving the growth of the online gaming industry with mobile gaming contributing more than half of all the global gaming revenues. This success is attracting more players, developers, franchises, and advertisers to the industry. However, there’s a flip side to it as well. While many kids pose as adults to gain access to online gaming platforms, a lot of players are getting addicted to these online games. A steady financial growth has also made the online gaming industry lucrative for bad actors looking to exploit the gaming platforms for criminal gains. It is therefore imperative that stringent regulations be introduced to help prevent our kids from gaining unauthorized access, protect gamers from becoming addicts, and prevent the bad actors from abusing the online gaming platforms. The regulations must mandate protection of these platforms from abuse in order to safeguard the genuine users.
- India’s Artificial Intelligence and Robotics: While regulations and directives are needed to ensure that businesses take data/cyber security seriously and deploy adequate measures to safeguard the interest of their customers, the bigger need is that of leveraging artificial intelligence to make business processes more efficient. Artificial Intelligence and Robotics have emerged as powerful technologies that not only can automate repetitive and mundane jobs with more efficient automated processes but also foster innovation to create data-driven solutions to solve everyday problems. Therefore, the government must consider investing in building a business ecosystem that can leverage artificial intelligence and robotics to improve operations and enhance productivity.
- Secure Cyber Space with Cyber Defense Agency: In the digital-first economy, geographical boundaries are fast fading away. Threats have become global, putting governments, citizens, and businesses of all sizes at risk. Hackers can easily hide behind the anonymity of the internet and orchestrate massive cyber-attacks in any part of the world, at will. Our cyber defenses must be robust to intercept and block any such attempts to exploit cyber security posture. The government must make the Cyber Defense Agency functional, that is entrusted with the responsibility of securing the cyber space.
- Establish State-level CERTs: Cyber security is central to a nation’s strength. However, despite utmost care, tech-savvy opponents can have an upper-hand and be successful in orchestrating data breaches, denial of service and numerous other cyber-attacks. Computer Emergency Response Team or a CERT is the official emergency team that handles such cyber security incidents and provides guidelines based on research to improve cyber security systems. CERT also conducts public awareness campaigns. The central government must replicate the CERT at the state-level in the country to ensure speedier incident response.
- Establish NDA with Cyber Cadets: In an era of cyber warfare, battles must also be won online. On the lines of our armed forces, the country needs capable soldiers to ward off cyber skirmishes. For an all-round cyber defense, the country needs an elite cyber commando force that is capable of neutralizing any cyber enemy. The government must look to establish a National Defense Academy that provides rigorous training to cyber cadets.
- Establish Cyber Police Cadre in State Police: While there are cyber cells in police force, these are not only inadequate in numbers but are also limited in terms of capabilities. The government must lay emphasis on empowering these cyber cells by deploying specialized cyber police cadre in all state police. Advanced training in cyber security hygiene must be provided to adequately arm our cyber police personnel to effectively tackle the growing cyber-crime related complaints from common citizens.
- Establish a Cyber Spy Organization: The success of an all-round cyber defense will depend on intelligence inputs and close co-ordination with global intelligence agencies. Cyber space is ripe with criminals who can orchestrate complex crimes and promote terrorist activities. There have been numerous incidents of terror outfits leveraging technology and the internet to brain-wash gullible youngsters and recruit them for terrorist activities. A cyber intelligence/spy agency, much likes the RAW and/or IB must be formed to gain and share credible and actionable intelligence to unearth and combat the evolving cyber threats.
- Establish a Telecom Equipment Testing Lab: Building a robust, reliable, and scalable cyber defense infrastructure will require significant investments in telecom equipment. However, spurious or sub-standard equipment can themselves act as attack vectors, which in turn can open up large surface for potential cyber-attacks. To ensure that the cyber defense infrastructure is built only on qualified and trusted telecom equipment, government must establish testing labs in India that will certify the equipment after rigorous tests, such that only qualified equipment can be sold in India.
As a country, we are on the verge of stepping into the digital future with efforts being made for greater digitization in the next tier cities in the urban areas and the villages. However, to ensure that the digital future is secure for all of its citizens, the country must be secured with robust cyber defenses. The government must, therefore, craft a holistic cyber policy around the above mentioned points that will help build resilience into the DNA of the security fabric. In addition to fortifying the country’s cyber defenses, it will create millions of jobs that in turn will reduce the unemployment rates in the country.