Campaign started on Cybersecurity launched by Australia

Australia
set out a far-reaching cybersecurity strategy on Thursday, invoking the leaks
of United States whistleblower Edward Snowden, terrorism and even the threat of
war to push for a coordinated global approach to protection of online data and
also transform into a tech-savvy business hub as its economy deals with a
commodities downturn. In a speech in Sydney, the former online entrepreneur
said hacking attacks cost the country a $1 billion ($780 million) a year and
unveiled a long list of measures - from appointing his own special
cybersecurity adviser to having internet safety taught in schools - to make the
online world freer and safer. "There's no global institution or
infrastructure more important to the future prosperity and freedom of our
global community than the Internet itself," Turnbull said,

"The
same qualities that enable us freely to harness cyberspace for prosperity can
also provide an avenue for those who may wish to do us harm," he said. Turnbull
acknowledged the public has become skeptical about government activity online
since U.S. National Security Agency contractor Snowden leaked classified
documents in 2013, and again this year when the U.S. Federal Bureau of
Investigation sought access to an Apple Inc iPhone used by one of the shooters
in killings in San Bernardi                      

no, California. But he said that "in certain
very specific circumstances government will work with the private sector ... to
fight serious online crime and extremism and to thwart terrorists and others
who seek to hide their illegal activities online". Turnbull, who delivers
his first budget in May, two months before the election, said he wants to spend
A$230 million on 33 cybersecurity. He also plans to relocate the cybersecurity
office of intelligence agency, the Australian Signals Directorate, outside the
broader Australian Security Intelligence Organisation to make it easier to
coordinate with businesses. Online security industry executives welcomed the
strategy, noting it was Australia's first review of its cyber protection
systems in six years. "Given the speed with which these things have moved,
we are overdue, and strategy goes some way to making good progress," said
Phil Vasic, the Australian managing director of U.S.-listed cybersecurity firm
FireEye Inc, who was at the Turnbull speech.

Campaign started on Cybersecurity launched by Australia

Australia set out a far-reaching cybersecurity strategy on Thursday, invoking the leaks of United States whistleblower Edward Snowden, terrorism and even the threat of war to push for a coordinated global approach to protection of online data and also transform into a tech-savvy business hub as its economy deals with a commodities downturn. In a speech in Sydney, the former online entrepreneur said hacking attacks cost the country a $1 billion ($780 million) a year and unveiled a long list of measures - from appointing his own special cybersecurity adviser to having internet safety taught in schools - to make the online world freer and safer. "There's no global institution or infrastructure more important to the future prosperity and freedom of our global community than the Internet itself," Turnbull said,

"The same qualities that enable us freely to harness cyberspace for prosperity can also provide an avenue for those who may wish to do us harm," he said. Turnbull acknowledged the public has become skeptical about government activity online since U.S. National Security Agency contractor Snowden leaked classified documents in 2013, and again this year when the U.S. Federal Bureau of Investigation sought access to an Apple Inc iPhone used by one of the shooters in killings in San Bernardi                      

no, California. But he said that "in certain very specific circumstances government will work with the private sector ... to fight serious online crime and extremism and to thwart terrorists and others who seek to hide their illegal activities online". Turnbull, who delivers his first budget in May, two months before the election, said he wants to spend A$230 million on 33 cybersecurity. He also plans to relocate the cybersecurity office of intelligence agency, the Australian Signals Directorate, outside the broader Australian Security Intelligence Organisation to make it easier to coordinate with businesses. Online security industry executives welcomed the strategy, noting it was Australia's first review of its cyber protection systems in six years. "Given the speed with which these things have moved, we are overdue, and strategy goes some way to making good progress," said Phil Vasic, the Australian managing director of U.S.-listed cybersecurity firm FireEye Inc, who was at the Turnbull speech.

Upgrading India’s cyber security architecture also finding problems and their solutions

• Two things set aside India’s digital spaces from that of
  major powers such as the United States and China: design and density. India is
  a net information exporter. Its information highways point west, carrying with
  them the data of millions of Indians. This is not a design flaw, but simply
  reflects the popularity of social media platforms and the lack of any serious
  effort by the Indian government to restrict the flow of data. Equally important
  is the density of India’s cyberspace. Nearly 500 million Indians use the
  Internet today, but they do not access the Internet from the same devices. Apple’s
  market share in the U.S., for instance, is 44 per cent, but iPhones account for
  less than 1 per cent in India. The massive gap between the security offered by
  the cheapest phone in the Indian market and a high-end smartphone makes it
  impossible for regulators to set legal and technical standards for data
  protection.

• Smart cities are the future of urbanisation and population
  sustainability. The aim of smart cities is to provide a conductive environment
  for living, commercial activities, healthcare and overall development. Smart
  cities also predominantly rely upon use of information and communication
  technologies (ICT) to render public services. Wherever applicable, Internet of Things (IoT) (PDF),
  cloud computing and virtualisation and machine to machine (M2M) system usage is
  also there. However, this omnipresent usage of ICT, IoT, M2M, cloud computing,
  etc has a potential drawback as well in the form of indifference towards smart cities cyber security.


• It is not difficult to visualise a scenario of cyber-attacks against
  the critical infrastructures of the smart cities that are run by ICT and
  technology. Such a cyber-attack can cripple the entire smart city if properly
  executed. Critical infrastructure
  protection in India (PDF) is still at nascent stage. The
  national cyber security policy of India 2013 is also very weak and even that has not been implemented by Indian
  government so far. The much awaited cyber security policy of India
  2015is also missing so far.

             

• A strong cyber security infrastructure of India is need of the hour
  especially when there is no well settled international legal issues of cyber-attacks that
  can be invoked in the case of a cyber incidence. It is very important that
  international legal issues of cyber-attacks must be resolved by various government and non-government
  stakeholders. There is no globally acceptable cyber law treaty and cyber security treaty (PDF)
  that can govern the relationships between various countries.  Even the Tallinn Manual on the
  International Law Applicable to Cyber Warfare  (PDF) is just an
  academic document with no legal binding obligations. The truth is that Tallinn
  Manual is not applicable to international cyber
  warfare attacks and defense and countries are free to take measures as per their
  own choices.


• This has necessitated that cyber security related projects in India
  must be not only expedited but they must also be successfully implemented as
  soon as possible. Unfortunately, cyber projects like National Cyber Coordination Centre (NCCC) of India, National Critical Information Infrastructure
  Protection Centre (NCIPC) of India, Grid Security Expert System (GSES) of India,
  National Counter Terrorism Centre (NCTC) of India, Cyber Attacks Crisis Management Plan of India, Crisis Management Plan Of India For Cyber Attacks And Cyber Terrorism, Cyber Command For Armed Forces Of India, Tri Service Cyber Command for Armed Forces of India,
  Central Monitoring System (CMS) Project of India, National Intelligence Grid (Natgrid) Project of India, Internet Spy System Network And Traffic Analysis System (NETRA) of India, Crime and Criminal Tracking
  Network and Systems (CCTNS) Project of India, etc have still not
  been implemented successfully by Indian government.

                                                       

• This raises the pertinent question as to how Indian government would
  ensure cyber security of smart cities in India. We at Centre of Excellence for Cyber Security Research and Development in India
  (CECSRDI) believe that Modi government must take cyber security
  seriously. The cyber security challenges in India would
  increase further and India must be cyber prepared to protect its
  cyberspace. CECSRDI believes that the starting point is to draft the cyber
  security policy of India 2015 as the 2013 policy is highly defective and of
  little significance. We also believe that a dedicated cyber security law of India is need
  of the hour. The same must be a techno legal framework keeping
  in mind contemporary cyber security threats. Further cyber security disclosure norms in India must
  be formulated by Modi government. The cyber security awareness in India
  must be further improved so that various stakeholders can contribute
  significantly to the growth and implementation of cyber security initiatives of
  Indian government.

Upgrading India’s cyber security architecture also finding problems and their solutions

• Two things set aside India’s digital spaces from that of major powers such as the United States and China: design and density. India is a net information exporter. Its information highways point west, carrying with them the data of millions of Indians. This is not a design flaw, but simply reflects the popularity of social media platforms and the lack of any serious effort by the Indian government to restrict the flow of data. Equally important is the density of India’s cyberspace. Nearly 500 million Indians use the Internet today, but they do not access the Internet from the same devices. Apple’s market share in the U.S., for instance, is 44 per cent, but iPhones account for less than 1 per cent in India. The massive gap between the security offered by the cheapest phone in the Indian market and a high-end smartphone makes it impossible for regulators to set legal and technical standards for data protection.

• Smart cities are the future of urbanisation and population sustainability. The aim of smart cities is to provide a conductive environment for living, commercial activities, healthcare and overall development. Smart cities also predominantly rely upon use of information and communication technologies (ICT) to render public services. Wherever applicable, Internet of Things (IoT) (PDF), cloud computing and virtualisation and machine to machine (M2M) system usage is also there. However, this omnipresent usage of ICT, IoT, M2M, cloud computing, etc has a potential drawback as well in the form of indifference towards smart cities cyber security.
• It is not difficult to visualise a scenario of cyber-attacks against the critical infrastructures of the smart cities that are run by ICT and technology. Such a cyber-attack can cripple the entire smart city if properly executed. Critical infrastructure protection in India (PDF) is still at nascent stage. The national cyber security policy of India 2013 is also very weak and even that has not been implemented by Indian government so far. The much awaited cyber security policy of India 2015is also missing so far.

             

• A strong cyber security infrastructure of India is need of the hour especially when there is no well settled international legal issues of cyber-attacks that can be invoked in the case of a cyber incidence. It is very important that international legal issues of cyber-attacks must be resolved by various government and non-government stakeholders. There is no globally acceptable cyber law treaty and cyber security treaty (PDF) that can govern the relationships between various countries.  Even the Tallinn Manual on the International Law Applicable to Cyber Warfare  (PDF) is just an academic document with no legal binding obligations. The truth is that Tallinn Manual is not applicable to international cyber warfare attacks and defense and countries are free to take measures as per their own choices.
• This has necessitated that cyber security related projects in India must be not only expedited but they must also be successfully implemented as soon as possible. Unfortunately, cyber projects like National Cyber Coordination Centre (NCCC) of India, National Critical Information Infrastructure Protection Centre (NCIPC) of India, Grid Security Expert System (GSES) of India, National Counter Terrorism Centre (NCTC) of India, Cyber Attacks Crisis Management Plan of India, Crisis Management Plan Of India For Cyber Attacks And Cyber Terrorism, Cyber Command For Armed Forces Of India, Tri Service Cyber Command for Armed Forces of India, Central Monitoring System (CMS) Project of India, National Intelligence Grid (Natgrid) Project of India, Internet Spy System Network And Traffic Analysis System (NETRA) of India, Crime and Criminal Tracking Network and Systems (CCTNS) Project of India, etc have still not been implemented successfully by Indian government.

                                                       

• This raises the pertinent question as to how Indian government would ensure cyber security of smart cities in India. We at Centre of Excellence for Cyber Security Research and Development in India (CECSRDI) believe that Modi government must take cyber security seriously. The cyber security challenges in India would increase further and India must be cyber prepared to protect its cyberspace. CECSRDI believes that the starting point is to draft the cyber security policy of India 2015 as the 2013 policy is highly defective and of little significance. We also believe that a dedicated cyber security law of India is need of the hour. The same must be a techno legal framework keeping in mind contemporary cyber security threats. Further cyber security disclosure norms in India must be formulated by Modi government. The cyber security awareness in India must be further improved so that various stakeholders can contribute significantly to the growth and implementation of cyber security initiatives of Indian government.