The face behind the mask of Cyber space
Last month, I attended a Cyber Security Summit in Bangalore. I was one of the speakers there. M.N. Vidyashankar, Principal Secretary, Department of Information Technology, Biotechnology and Science and Technology, hosted the southern chapter of the Cyber Appellate Tribunal. Speaking at the inaugural session of the third edition of the Bangalore Cyber Security Summit, Vidyashankar said that the Karnataka State has taken a lead by establishing the first cyber security laboratory in the country, at Mangalore. A recent study of cyber security across the world showed that it costs 2.7 times more to plug “security breaches” after they found, which is more than the investments made in preventive measures. The breaches in Sony’s PlayStation last year and of the data security breaches at the National Health Service in the UK can be underlined as an issue.
A viable approach would be to tax IT companies/services profits and earmark an amount for the creation of a National Institute of Communications Research that will attract and keep hold of the best talent from and around the world and will be managed on a pay for presentation basis. With Indian IT industry being very short term profit focused, it is unlikely that some major effort will emerge without government coordinating it. Cyber security is a “Cat and Mouse” game, the IT admin managing a network or server has to keep him updated and the computers. Same goes for the people working in that office or home. However, most IT admins in government sector hired employees on contract basis other than the qualification. These employees also do the same thing what our government employees do the best. Instead, this should be outsourced to some private Indian company. Secondly, any security company will tell you that, if there is a confidential data then do-not-connect that machine to internet. However, in a large organisation where offices are far away and need to access the data; then allow only those who are required, and that too over secured layer.
Education is important for any government officer. Also understand that a determined attack will be able to break in. First, let us make the real space safe. We should worry about imaginary stuxnets attacking our installations after sorting out real threats of a mundane kind that take aim at our country, which are poverty, tiny mean microbes, and above all, real education in its true sense. If we work on this, the youngsters of today who are now coding their youth away for money, will take care of stuxnets and bigger threats, and not let graying men in suits worry about them. Indian Government seems to have a problem with freedom. The Internet gives people freedom and the Indian Government doesn’t like it. The Indian public is not concerned with the likes of STUXNET for their utilities when a rain shower can cause a power cut. The only problem for individuals is identity theft when thieves using other people’s identities to obtain goods and services. Other countries in Asia use and embrace the internet but in India, there is fear. The government is in the process of putting in place the capabilities and the systems that will enable us to deal with this anarchic new world of constant and undeclared cyber threat, attack, counter-attack and defense. We need to prepare ourselves to deal with both, threats to cyberspace and risks arising through cyberspace.
The biggest shame to our country is NTRO, they hardly have any control or updates. Some of the officials of NTRO are struggling to hold powers and to bypass orders and accountability. NTRO is tasked to deal with the protection of our critical security cyber infrastructure; institutions like CERT-IN have proved their worth during events like the Commonwealth Games in defending our open civil systems. Even CERT-IN is in clouds of controversy. They need to harden their networks and develop metrics to certify and assure that critical cyber networks, equipments and infrastructure are secure. They need to create a climate and environment within which security is built into our cyber and communications working methods. And, most important, they must find ways to indigenously generate the manpower, technologies and equipment that are required for cyber security.
There is only one part of the IDSA Task Force’s recommendations with which I have a difference in emphasis. It speaks about “proactive diplomatic policy” on cyber security, and suggests that multilateral efforts for international internet governance are useful. Most proposals for international internet governance are thinly masked efforts to control or shape the internet, and some are ideologically driven. Inter-governmental rules of the road are certainly desirable. No one can argue against them.
Let us, therefore, concentrate on putting our own cyber security house in-order, which should be our first priority. However, talking about law, law itself is a myth, it can never be perfect, it has to keep changing and keep updating, just like security. NTRO declared many project in the past looping in Indian hackers and security personnel, but they miserably flopped. Most of the government servers already ‘rooted’ (backdoored with administrative privileges) by Pakistani hackers; there is ongoing silent cyber war but no adequate control. All future wars will have largely domain of cyber warfare which can paralyse computers by malware or mislead command and control systems. Cyber wars continue on 24×7 bases. During war and during peace, more time is given to ‘load the guns’ id test and to gain access whilst everything seems silent. DRDO has onerous task ahead to secure our cyberspace, networks, websites, computers, ensuring scrambling of data for military usage in coordination with other agencies in the arena.
If cyber war takes place, India would be stalled for ten years in growth, because 60 per cent of our infrastructure is online. There are various Indian hackers groups which have indulged in notorious activities; in the name of #OpIndia, hackers are damaging our own cyber space. Hate posts, communal sites, religious hated, jihad, extremism, war, revolution everything has taken shape in the virtual world and on the other hand Government is stagnate with traditional methods and no updates. #OpIndia started with a pseudo motive of revolution by ‘forced’ methods. The king-pin of #OpIndia started this operation with the hope of enraging the citizens and getting them ‘on the streets’ but, it failed. My analysis tells me that Anonymous is a very brilliantly organised criminal group which has taken chaos as the shield to perform their activities. They could counter attack FBI website and take a toll of government networks but, cannot hack Facebook?
Anonymous has never given a ‘deadline’; to my surprise, the recent repo-set-back by failed OpFacebook has helped the ‘core’ to be even more stronger and out of focus since not many people have indulged themselves in finding the core. Looking at countries like Egypt and Libya, India can never learn. Perhaps, it is possible only after the catastrophe because, that is what we do! We study right before the exams and bunk the college lectures. Attitude starts from there which turns into habit of living and thus, the future of the nation. God save this country.
(Group Editor NBC)