Transformative Cyber Security For Innovative Economy Like India

Article By Vishal Verma Founder of CyberIndia.org and Partner at Edgewood Ventures

The Indian economy is transforming from a services (outsourcing) economy to an innovation and manufacturing economy. During this transition, Technology and government leaders need to ensure that the current cyberinfrastructure protects critical and vital data. India and the US share key roles as technology leaders in collaborating in the strategic technology interchanges. The two economies are closely integrated due to technology partnerships and the IT industry is the key underpinning on where the critical infrastructure has been built ranging from power to water.

The two largest democracies (USA at 350M people and India at 1.3 Billion people) and largest economies (USA at $18 Trillion and India at $2.1 Trillion) have inherent commercial and social responsibilities to address and combat cyber threats. The Access of Cyber Evil (ACE) is as concerning to India as to the USA, due to a growing global economy and the intrinsic geopolitical area surrounding India.

Exiting Threats-Theft of Sensitive Data

• * Estimated loss of US$ 2 – 3 trillion of sensitive defense-related data from the United States in the last 3 years
• * India is ranked as the bottom fifth worldwide in terms of network security breaches
• * Sensitive Government of India (GOI) offices and installations hacked; possible compromise of sensitive information
• * Nearly 75% of Indian business enterprises reported data theft through online hacking

Losses

• * Increasing hacker attacks on Financial Institutions
• * Fraudulent legal electronic bank transfers and Credit card transactions
• * Legal exposure (fines, damages, penalties, and incarceration for employees) and customer defections to competitors
• * Estimated $15 - $20 billion stolen annually in the United States

Cyber Warfare

• * State-sponsored hackers are able to create ‘Complete Internet Blackouts’
• * In March 2013, Europe was under cyber-attack from hackers in Eastern Europe (including Russia) and a majority of critical networks were compromised
• * Recent hacks attributed to China targeted the United States and India
• * US Government employee database hacked and personal information was stolen
• * Indian Space Research Organization (ISRO) commercial website hacked

In the 2017 budget, Minister Mr. Arun Jaitley announced plans by the Government of India to provide additional funding to enhance India's digital foundation. The target is to reach 2,500 crore digital transactions for 2017-18 through different initiatives; including Aadhaar - smart cards containing senior citizen health records, UPI-an open-source platform designed for the easy integration of various payment platforms, debit cards and digital platforms.

In 2016, 3.5 million debit cards were compromised with over 2.5 million using Visa and MasterCard platforms while 1,000,000 were on the RuPay platform. State Bank of India (SBI), and HDFC bank, which has over 25000 branches was hit the hardest. The banks blocked and re-issued a majority of its issued debit cards to customers. In this case there is a bigger hit on the level of trust the consumers have on their banks.

India and United States have a representational interest and Cybersecurity is a key area for bilateral policy level discussions after the Obama administration and India signed a framework for cooperation. Many key cyber experts in India have mentioned the concern and remarked that “I don’t know where they come from and when they come we are now sure what they take”.

Prime Minister Narendra Modi has already announced that “… clouds of a bloodless war are hovering over the world”, and “increased innovation and greater focus are required on the global challenge of cyber security.”

India is focused on indigenization and value addition policies

• * The GOI has already given preference to solutions with at least 30% value addition domestically
• * By 2020, 80% of procurement will be done from companies who have invested in localization

Revival of Indian Government-owned Public-Sector Units (PSUs)

• * The GOI is also focusing on PSUs to secure their supply chain and services models
• * Some of these firms are being funded by the GOI for product development and other innovations on new technologies

How these problems are addressed today

• * Global vendors provide standardized COTS (commercial off the shelf) solutions
• * With standard certifications and not necessarily “better security”. Just more “thoroughly verified” under a given set of assumptions made about the operating environment
• * Business customers license firewalls, application level protection packages, etc. to provide an assurance of security
• * Increased levels hacking only proves that even these solutions have many doors for hackers to enter through…

The new name of the game is building trusted networks. Many companies have implemented different structure and below is a sample Trusted Service Device Product Range

With the Prime Minister’s initiative on Digital India, Cashless Society and the Internet of Things revolution, India is becoming a large market. India is well positioned to adopt the latest innovative technologies due to limited legacy systems in the country.

India created a new tool against cyber threats with the addition of the Cyber Czar to the Prime Minister’s office. The Cyber Czar manages the co-ordination between the tri services interexperiment at the Federal Government level and State Government level.

Still fresh in the minds of Indians, the Wannacry attack affected Critical Infrastructure in over 18 states. As of today, a final assessment of the total damage in terms of loss revenues and costs to repair and replace the infrastructure are still to be determined. It is a worldwide trend that more than 50% of the cyber-attacks are for financial gains and corporate cyber espionage.

Analysis

However, even with India’s increased awareness and countermeasures, India still needs to be vigilant in protecting security in networks and other IT roll-outs. With the world facing a common enemy, everyone should agree that there is no technology in the world that doesn’t have a Non-Resident Indian’s (NRIs) fingerprint. The Prime Minister correctly said in a speech in Canada “he is saddened to see why Google’s birth didn’t happen in his nation.”

India will need to bring in global experts and harvest the NRI community in addition to the public and private sectors that can lead to complementary roles in meeting developmental and social needs to help build India in key strategic technologies.