Upgrading India’s cyber security architecture also finding problems and their solutions

• Two things set aside India’s digital spaces from that of
  major powers such as the United States and China: design and density. India is
  a net information exporter. Its information highways point west, carrying with
  them the data of millions of Indians. This is not a design flaw, but simply
  reflects the popularity of social media platforms and the lack of any serious
  effort by the Indian government to restrict the flow of data. Equally important
  is the density of India’s cyberspace. Nearly 500 million Indians use the
  Internet today, but they do not access the Internet from the same devices. Apple’s
  market share in the U.S., for instance, is 44 per cent, but iPhones account for
  less than 1 per cent in India. The massive gap between the security offered by
  the cheapest phone in the Indian market and a high-end smartphone makes it
  impossible for regulators to set legal and technical standards for data
  protection.

• Smart cities are the future of urbanisation and population
  sustainability. The aim of smart cities is to provide a conductive environment
  for living, commercial activities, healthcare and overall development. Smart
  cities also predominantly rely upon use of information and communication
  technologies (ICT) to render public services. Wherever applicable, Internet of Things (IoT) (PDF),
  cloud computing and virtualisation and machine to machine (M2M) system usage is
  also there. However, this omnipresent usage of ICT, IoT, M2M, cloud computing,
  etc has a potential drawback as well in the form of indifference towards smart cities cyber security.


• It is not difficult to visualise a scenario of cyber-attacks against
  the critical infrastructures of the smart cities that are run by ICT and
  technology. Such a cyber-attack can cripple the entire smart city if properly
  executed. Critical infrastructure
  protection in India (PDF) is still at nascent stage. The
  national cyber security policy of India 2013 is also very weak and even that has not been implemented by Indian
  government so far. The much awaited cyber security policy of India
  2015is also missing so far.

             

• A strong cyber security infrastructure of India is need of the hour
  especially when there is no well settled international legal issues of cyber-attacks that
  can be invoked in the case of a cyber incidence. It is very important that
  international legal issues of cyber-attacks must be resolved by various government and non-government
  stakeholders. There is no globally acceptable cyber law treaty and cyber security treaty (PDF)
  that can govern the relationships between various countries.  Even the Tallinn Manual on the
  International Law Applicable to Cyber Warfare  (PDF) is just an
  academic document with no legal binding obligations. The truth is that Tallinn
  Manual is not applicable to international cyber
  warfare attacks and defense and countries are free to take measures as per their
  own choices.


• This has necessitated that cyber security related projects in India
  must be not only expedited but they must also be successfully implemented as
  soon as possible. Unfortunately, cyber projects like National Cyber Coordination Centre (NCCC) of India, National Critical Information Infrastructure
  Protection Centre (NCIPC) of India, Grid Security Expert System (GSES) of India,
  National Counter Terrorism Centre (NCTC) of India, Cyber Attacks Crisis Management Plan of India, Crisis Management Plan Of India For Cyber Attacks And Cyber Terrorism, Cyber Command For Armed Forces Of India, Tri Service Cyber Command for Armed Forces of India,
  Central Monitoring System (CMS) Project of India, National Intelligence Grid (Natgrid) Project of India, Internet Spy System Network And Traffic Analysis System (NETRA) of India, Crime and Criminal Tracking
  Network and Systems (CCTNS) Project of India, etc have still not
  been implemented successfully by Indian government.

                                                       

• This raises the pertinent question as to how Indian government would
  ensure cyber security of smart cities in India. We at Centre of Excellence for Cyber Security Research and Development in India
  (CECSRDI) believe that Modi government must take cyber security
  seriously. The cyber security challenges in India would
  increase further and India must be cyber prepared to protect its
  cyberspace. CECSRDI believes that the starting point is to draft the cyber
  security policy of India 2015 as the 2013 policy is highly defective and of
  little significance. We also believe that a dedicated cyber security law of India is need
  of the hour. The same must be a techno legal framework keeping
  in mind contemporary cyber security threats. Further cyber security disclosure norms in India must
  be formulated by Modi government. The cyber security awareness in India
  must be further improved so that various stakeholders can contribute
  significantly to the growth and implementation of cyber security initiatives of
  Indian government.