Will Digital Security Agency in India be a reality?
For the first time in India, there is now a talk of a
“Digital Security Agency” of India to deal with Cyber Warfare, Cyber
Counter Terrorism and Cyber Security of National Digital Assets.
For too long India has been talking of being an e-Super
Power without addressing the issue of Digital Security. But now there is a
hope. The hope has come in the form of an election manifesto from one of
the major political parties of India namely the BJP. (Copy
of the manifesto) released on 3rd April, 2009.
While the Indian media headlines non-issues such as the
Ram Temple, none of the reporters seem to have the desire or capability of
understanding the possible impact of the Digital Security Agency to the IT
industry in general and the economic situation in a recession hit industry
in particular.
I urge the media to highlight these aspects.
A quick attempt is made here to highlight how the
Digital Security Agency can make a difference to the economy of India.
The “Digital Security Agency” (DSA) is effectively an
umbrella organization responsible for the security of “National Digital
Assets”. National Digital Assets consist of e-Governance infrastructure as
well as the key IT facilities in the country which may belong to the
private sector.
We are aware that at present National Security threats
emerge from not only conventional wars but also from terrorist activities
which is meant to blead the economy. Pakistan has been effectively using
this strategy to make India commit crores of rupees on the deployment of
security. However the conventional security agencies are unable to
effectively deal with the dimension of wars and terrorist activities which
happen in Cyber Space.
Today Cyber Terrorism takes many shapes. It may include
planting of trojans and viruses on a mass scale to make the Information
systems of a Country/region impotent. It may manifest in the form of Denial
of Service Attacks on mission critical systems. It may involve mass
defacement of websites. it may manifest in infection of websites with
viruses which download onto the systems of any visitor. It may manifest in
the form of hacking into e-mail accounts of key government functionaries
and private sector corporate executives to spy on sensitive communication.
It may also manifest in the form of Phishing attacks to drain the banking
system or corrupting the E-Commerce system through credit card thefts and
fraudulent usage. It can also manifest as W-Fi router hacking or domain
name hijacking. It could also manifest in pornography and softwar
piracy when they are used to plant trojans and viruses.
Information Security professionals know that all of the
above incidents are “Cyber Crimes” and “Information Security Beach
incidents”. But when these incidents occur simultaneously in large number
of systems belomnging to one country or region, they become parts of Cyber
Terrorism or Cyber wars.
Traditional Information Security mechanisms are unable
to cope with the Cyber Terrorism or Cyber War threats (CTCW threats)
because the attacks are sophisticated, backed by supply of adequate
resources, backed by strong non commercial motivation and with the support
of national Government resources. There are organized criminal gangs who
are patronized by rogue Governments who shelter the criminals and their
hosting facilities. It is just like the terrorist camps that are supported
in Pakistan to train and attack India.
While ITA 2008 has made some attempt to proide legal
backing for conduct of electronic surveillance and to bring Cyber terrorism
to book, it still needs to be backed up by a National Cyber Security Agency
which can focus on delivery of securitty on a national scale in the Cyber
Space.
DSA can be a fulcrum for development of such a National
Cyber Security Agency. First of all it can act as a coordinating agency for
National Cyber Intelligence and integrate the activities of Cyber Crime
policing in different states. It can also enter into cyber crime prevention
treaties with other countries to ensure international cooperation agaisnt
Cyber terror.
More importantly, when attacks emanate from a remote
server, following the principle of “Hot Pursuit”, the rogue servers can be
identified and disable with a counter Cyber attack. As a counter
intelligence strategy it can counter hack, plant its own intelligence
gathering mechanisms where required and defend the country against external
aggression through cyber space.
In implementing a national security plan, the private
sector IT agencies also need to be protected. Hence one layer of
information security responsibilities in a private sector IT agency would
be the responsibility of the DSA. Alternatively, it will be necessary for
the private sector to cooperate and work along with the DSA in
implementation of National Cyber Security plan. We may also recall that US
is also planning a Cyber Security Act which may create a similar set up
like DSA.
USA, UK and Australia have already committed billions of
dollars investment for creating a national security information network.
India will perhaps need an even larger investment. This investment would go
into the development of hardware and software as well as creating a
security manpower network. This has a potential for generating new
employment and new industrial investments.
We need to look also at whether such investments will
give a boost to domestic industry or result in drainage of foreign
exchange. In this context, the BJP’s IT vision assumes importance. This
vision envisages an aggressive support to the domestic hardware industry to
make India compete with China. India is already a leading software producer
and if some support is provided in R&D, it can continue to provide
leadership in the software sector. We can even develop an indigenous OS
or make Open source OS with user friendly application package a foundation
of Indian IT development.
What India may critically need for this purpose is
investment in production of an indigenous “Secure Computer System” where
the PCB is designed entirely under the watchful eyes of CDAC or such other
national agency which can ensure that the national interests are not
compromised through hardware items with pre-installed bugs.
If therefore the IT vision is also rolled out, then the
huge investments that are expected to be made in the DSA infrastructure
would result in a boost to the recession hit IT industry. If IT industry in
India revives, then it will also address the issue of employment
generation, increased domestic consumer spending and the spin off benefits
on other industries. In fact “Information Risk Management” would be a
business verticle of its own which IT industry may start to focus on.
I wish industry managers to study the business potential
of “Information Risk as a Business Paradigm” and bring out an industry
guide to assist planners in the IT industry. May be some management
institute in India such as the IIM Bangalore may take up such a study.
Hence the concept of DSA is not only an attractive
proposition from the security concern point of view but also could be a
strategy for revival of the Indian economy.
We all know that the DSA is now only a concept in the
manifesto of one political party. We donot know if the party will win and
come to power. We also donot know if even after coming to power, the
compulsions of coalition politics will allow all the manifesto declarations
to be implemented. But still to an average Indian who can understand the
power of IT, there is now a new found hope .. a hope that India can be an
e-Super Power by being able to first protect and defend its own Cyber
territory through a well conceived and well implemented DSA plan which will
also revive the recession trend in the economy.
Let’s “Dream.. Dream.. Dream..” like what was suggested
by Dr Abdul Kalam and ”Hope..Hope.. and Hope” that things will roll out in
such a manner that the National Cyber Security-2009 dream will come true.
Naavi
April 04, 2009
Copy of Cyber Security Bill as
available on April 5, 2009
IT Vision of BJP
Related Articles in Naavi.org:
BPO
for BPOs, A Security Solution
Threats to Cyber Security, Vision-2009
Cyber Security Command for India recommended
A
Unified Approach to National Cyber Security
State level Cyber Law Advisory Group Required
National Netizen’s Rights Commission Required in India