Two things set aside India’s digital spaces from that of major powers such as the United States and China: design and density.
Design
India is a net information exporter.
Its information highways point west, carrying with them the data of millions of Indians.
This is not a design flaw, but simply reflects the popularity of social media platforms and the lack of any serious effort by the Indian government to restrict the flow of data.
Unrestricted information flow makes India’s cyber security architecture susceptible to many perils.
Density
Nearly 500 million Indians use the Internet today, but they do not access the Internet from the same devices.
Apple’s market share in the U.S., for instance, is 44 per cent, but iPhones account for less than 1 per cent in India.
The massive gap between the security offered by the cheapest phone in the Indian market and a high-end smart phone makes it impossible for regulators to set legal and technical standards for data protection.
Digital intrusions
India’s national security architecture faces a difficult task in cyberspace due to lack of control over hardware used by Indian Internet users as well as the information that is carried through them. India’s infrastructure is susceptible to four kinds of digital intrusions:
(a) Espionage: Involves intruding into systems to steal information of strategic or commercial value.
(b) Cybercrime: Referring to electronic fraud or other acts of serious criminal consequence.
(c) Attacks: Intended at disrupting services or systems for a temporary period.
(d) War: Caused by a large-scale and systematic digital assault on India’s critical installations. Lack of national security architecture
There is no national security architecture today that can assess the nature of cyber threats and respond to them effectively.
India’s civilian institutions have their own fire-fighting agencies, and the armed forces have their own insulated platforms to counter cyber-attacks.
Recognising the strategic dimensions of cyberspace, the Prime Minister’s Office (PMO) created the position of the National Cyber Security Coordinator in 2014. What could such an agency look like?
The asymmetric character of digital warfare requires a multi-agency organisation that is technically equipped, but also bases its decision on sound strategy and regular policy inputs.
Permanent and semi-permanent staff that is technically proficient in cyber operations,
India faces a shortage of officers trained in creating and breaking encrypted platforms as well as using digital networks for intelligence gathering.
Were such a National Cyber Security Agency (NCSA) to be created, it should have a functional “nucleus” or secretariat.
The second requirement is to coordinate the agency’s policy functions and operations.
The current cyber security policy, articulated in 2013 by the Ministry of Communications and Information Technology, is basically a statement of first principles.
The NCSA should be guided by a document outlining India’s cyber strategy, much like its nuclear doctrine.
India currently has a top layer of agencies performing cyber operations — the National Technical Research Organisation, the National Intelligence Grid, and the National Information Board etc.
India’s intelligence agencies should separately provide their consolidated inputs to aid the operations of the NCSA.
India should not hesitate to build its offensive cyber capabilities.
This would involve the development of software designed to intrude, intercept and exploit digital networks.
India’s cyber command should be the primary agency responsible for the creation and deployment of such weapons.
Conclusion
A fully operational cyber command will take years to complete. The government would do well to pursue a two-pronged strategy in the interim.
Advocate restraint in cyberspace as a global norm. India is an active participant in discussions around the Tallinn Manual, which is a set of non-governmental guidelines for engagement during war.
The government should draft recruitment guidelines to hire and train a cadre of cyber specialists.
