Cyber power is slowly but surely becoming the new way of complementing to the country's strength. With highly covert in nature and powerful enough to disrupt the communication infrastructure, sabotage the financial systems, obstruct the data flow, espionage the military organisations and many more against the hostile nation, has given economies a cheaper option with the future-oriented mode of warfare.
With a large part of the financial systems coming online and companies switching to online methods to serve the customers, the importance of data has increased more than anything. It is well said that data is the new fuel, and the one who possesses it in bulk and quality can only ensure a stable and stronger economy.
Talking about India, there are 730 million active internet users. 75% of new users are from rural India, and 75% of new users consume data in vernacular language. The online entertainment and content industry has seen 83% CAGR and attracts 175 million online shoppers allowing for 70% of e-commerce transactions via mobile phones.
Despite this fact, the cyber capabilities of India is one of the weakest links in its growth story. According to the National Cyber Power Index published by Belfer Center of Harvard Kennedy School, USA, India ranks 21 out of 30 countries analysed when it comes to cyberspace.
This shows the country's undefined strategies regarding cyber defence and vague intent in securing the assets online. India also ranks 24 positions in terms of cyber defence. Despite being recognised as a tech-driven economy and famous for its IT professionals, the country has not been able to raise a strong centralised cyber defence organisation.
India is a country of 130 crore people which are an asset for the nation; however, it also becomes very important to have a piece of proper knowledge and awareness regarding the kind of content the population is consuming. and the best way to find out is beefing the surveillance capabilities to keep a check on fake news and propaganda and stopping cyber-bully and other malicious malpractice. However, unfortunately, India ranks 26th in the list.
Given the size of the economy and the amount of data penetration it has achieved coupled with the situation where it shares borders with extremely capable hostile neighbours, it is very obvious to focus on the issue urgently.
India's Ineffective Steps in Ensuring Cyber-Security
The country faces a huge shortage of cyber security workforce. According to government reports, considering the size of the country's infrastructure, India needs about 30 lakh cyber-security professionals.
The country also lacks an active real-time cyber-attack tackle mechanism. The existing organisations within the country such as Indian Computer Emergency Response Team, National Critical Information Infrastructure Protection Centre, and many more follow a postmortem approach where they focus on the cause of cyber-attack after being the victim and try to prevent it in the future from happening again. This causes huge investment erosion as after the incident, already the majority of data would be leaked and thereby compromising the national interests.
The existing organisations in the country also face some major issues as they do not have clearly defined protocols and face problems in collaborating with other organisations for that matter. Every state has its own guidelines for handling a cyber-attack which makes the role of centre ineffective. This independent approach has made the attempts of establishing a central mechanism for protecting the nation as a whole.
Understanding the urgency and the seriousness of the matter, The government of India has drafted a set of protocol to be followed in the future that may clarify the government's intent in dealing with the challenges of the 21st century and will also help in establishing India's new cyber-security framework.
The four-point action plan suggested by the government is as follows :
- Prediction : Proactive measures to identify attackers, their objectives and methods prior to materialisation of viable attackers.
- Prevention : Prevent or deter attacks so no loss is experienced secure the computing environment with current tools, patches, updates, and best-known methods in a timely manner. Educating and reinforcing good user behaviours.
- Detection : Identify attacks not prevented to allow for rapid and thorough response efficient management of efforts to contain, repair and recover as needed, returning the environment to normal operations.
- Response : Rapid address incidents to minimise losses and return to a normal state. Monitor key areas and activities for attacks which evade prevention. Identifies issues, breaches and attacks.
Of course these action points successfully allow us to understand the government's intent and seriousness on the matter be again it does not help us to decode exactly how will that be achieved.
The world is moving fast and to be a decisive force, we need to not only catch up with the world but also stay one step ahead.
With the financial system moving towards block chain, the government needs to take cautious note of the threats related to it and the lack of qualified personals with knowledge of block chain and its economics. It thus becomes important for the educational institutions of India to consider cyber-security as a separate branch in colleges to raise an army of cyber warriors.
India even needs to solidify its stance in cyber espionage as well. Considering the country's power in the military, it is very uncommon to see no effort being made to maintain a cyber force for espionage purposes. In order to be protected, India needs to stay offensive to defend additional threats.