Upgrading India’s cyber security architecture also finding problems and their solutions

• Two things set aside India’s digital spaces from that of major powers such as the United States and China: design and density. India is a net information exporter. Its information highways point west, carrying with them the data of millions of Indians. This is not a design flaw, but simply reflects the popularity of social media platforms and the lack of any serious effort by the Indian government to restrict the flow of data. Equally important is the density of India’s cyberspace. Nearly 500 million Indians use the Internet today, but they do not access the Internet from the same devices. Apple’s market share in the U.S., for instance, is 44 per cent, but iPhones account for less than 1 per cent in India. The massive gap between the security offered by the cheapest phone in the Indian market and a high-end smartphone makes it impossible for regulators to set legal and technical standards for data protection.

• Smart cities are the future of urbanisation and population sustainability. The aim of smart cities is to provide a conductive environment for living, commercial activities, healthcare and overall development. Smart cities also predominantly rely upon use of information and communication technologies (ICT) to render public services. Wherever applicable, Internet of Things (IoT) (PDF), cloud computing and virtualisation and machine to machine (M2M) system usage is also there. However, this omnipresent usage of ICT, IoT, M2M, cloud computing, etc has a potential drawback as well in the form of indifference towards smart cities cyber security.
• It is not difficult to visualise a scenario of cyber-attacks against the critical infrastructures of the smart cities that are run by ICT and technology. Such a cyber-attack can cripple the entire smart city if properly executed. Critical infrastructure protection in India (PDF) is still at nascent stage. The national cyber security policy of India 2013 is also very weak and even that has not been implemented by Indian government so far. The much awaited cyber security policy of India 2015is also missing so far.

             

• A strong cyber security infrastructure of India is need of the hour especially when there is no well settled international legal issues of cyber-attacks that can be invoked in the case of a cyber incidence. It is very important that international legal issues of cyber-attacks must be resolved by various government and non-government stakeholders. There is no globally acceptable cyber law treaty and cyber security treaty (PDF) that can govern the relationships between various countries.  Even the Tallinn Manual on the International Law Applicable to Cyber Warfare  (PDF) is just an academic document with no legal binding obligations. The truth is that Tallinn Manual is not applicable to international cyber warfare attacks and defense and countries are free to take measures as per their own choices.
• This has necessitated that cyber security related projects in India must be not only expedited but they must also be successfully implemented as soon as possible. Unfortunately, cyber projects like National Cyber Coordination Centre (NCCC) of India, National Critical Information Infrastructure Protection Centre (NCIPC) of India, Grid Security Expert System (GSES) of India, National Counter Terrorism Centre (NCTC) of India, Cyber Attacks Crisis Management Plan of India, Crisis Management Plan Of India For Cyber Attacks And Cyber Terrorism, Cyber Command For Armed Forces Of India, Tri Service Cyber Command for Armed Forces of India, Central Monitoring System (CMS) Project of India, National Intelligence Grid (Natgrid) Project of India, Internet Spy System Network And Traffic Analysis System (NETRA) of India, Crime and Criminal Tracking Network and Systems (CCTNS) Project of India, etc have still not been implemented successfully by Indian government.

                                                       

• This raises the pertinent question as to how Indian government would ensure cyber security of smart cities in India. We at Centre of Excellence for Cyber Security Research and Development in India (CECSRDI) believe that Modi government must take cyber security seriously. The cyber security challenges in India would increase further and India must be cyber prepared to protect its cyberspace. CECSRDI believes that the starting point is to draft the cyber security policy of India 2015 as the 2013 policy is highly defective and of little significance. We also believe that a dedicated cyber security law of India is need of the hour. The same must be a techno legal framework keeping in mind contemporary cyber security threats. Further cyber security disclosure norms in India must be formulated by Modi government. The cyber security awareness in India must be further improved so that various stakeholders can contribute significantly to the growth and implementation of cyber security initiatives of Indian government.