India’s capabilities in strong cybersecurity
The necessity of strong cyber security measures is self-evident from the rising number of cyber-attacks. According to Forrester, around one billion accounts and records were compromised worldwide in 2016. The cost of data breaches is likely to cross US$ 2.1 trillion globally by 2019 according to Juniper Research. A proliferation of cyber-attacks is causing increasing damage to companies, governments and individuals. Moreover, cyber security risks are constantly and quickly evolving.
Cyber security is the ability to protect or defend the use of cyberspace from cyberattacks. It includes the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorised access. Elements of cybersecurity are application security, information security, network security, disaster recovery, operational security and end-user education. According to Forbes, the global cybersecurity market reached is expected to hit US$170 billion in 2020.
Expanding cyberspace in India
The number of internet users in India has been rising fast. Today, with over 460 million internet users, India is the second largest internet connected country in the world. By 2021, it is expected to reach 829 million i.e. 59 per cent of total population. India is among fastest growing e-commerce markets in the world with an estimate of 43.8 percent digital buyer penetration in 2016. Retail e-commerce sales in India amounted to about US$ 20 billion in 2016 and are projected to surpass US$ 45 billion in 2021.
Further, government’s ‘Digital India Mission’ seeks to provide e-governance and empower citizens digitally by improving online infrastructure and connecting rural areas with high-speed internet networks. It is taking the country towards increased digitisation and expansion of cyberspace. Realising that cyber security challenges in India would increase further, India is preparing itself to protect its cyberspace from constantly evolving cyber threats. With an aim to monitor and protect information and strengthen defences from cyber-attacks, the Ministry of Electronics and Information Technology (MeitY) adopted the ‘National Cyber Security Policy’ in July 2013. The Cyber Security Policy (NCSP) aims at the protection of information infrastructure in cyberspace, reduce vulnerabilities, build capabilities to prevent and respond to cyber threats and minimise damage from cyber incidents through a combination of institutional structures, people, process, technology and cooperation.
Under the policy, a national and sectoral 24x7 mechanism has been envisaged to deal with cyber threats through National Critical Information Infrastructure Protection Centre (NCIIPC). The Computer Emergency Response Team (CERT-In) has been designated to act as a nodal agency for coordination of crisis management efforts. CERT-In acts as an umbrella organisation for collection, analysis and dissemination of information on cyber incidents; forecast and alerts of cyber security incidents; emergency measures for handling cyber security incidents; coordination of cyber incident response activities; issue guidelines, advisories, vulnerability notes etc. Under the Information Technology Act 2008, it is mandatory for all institutions to report cyber incidents to CERT-In.
The NCSP-2013 calls for effective public and private partnership and collaborative engagements through technical and operational cooperation. The public-private partnership is critical to tackling cyber threats through proactive measures and adoption of best practices, besides creating a think tank for cyber security evolution in future. Another strategy, which has been emphasised, is the promotion of research and development in cyber security. R&D of trustworthy systems and their testing, collaboration with industry and academia, setting up of ‘Centre of Excellence’ in areas of strategic importance etc., are the hallmarks of the strategy laid down in the policy.
India currently has a top layer of agencies performing cyber operations - the National Technical Research Organisation (NTRO), the National Intelligence Grid, and the National Information Board, etc. Recognising the strategic dimensions of cyberspace, the Prime Minister’s Office (PMO) created the position of the National Cyber Security Coordinator in 2014. India’s civilian institutions have their own firefighting agencies and the armed forces have their own insulated platforms to counter cyber-attacks. The Government of India has also started to invest time and money to recruit cybersecurity experts and partnerships with top international cybersecurity firms.
The financial sector in India, especially banks, has been very serious about cyber security and has become more so with the recent push towards digitisation of financial transactions. The Reserve Bank of India is improving its security capabilities and has asked other banks to follow suit.
Cybersecurity cooperation with other countries:
Given the global nature of cyberspace and cyber threats, India realises the importance of bilateral and multilateral cooperation in Cybersecurity. India has signed Agreements/ Memoranda of Understanding (MoUs) for Cooperation in Cybersecurity with several countries including the UK, South Korea, Canada, Australia, Malaysia, Singapore, Japan, Vietnam, Egypt and Uzbekistan. The MoUs related to Cyber Security will promote closer cooperation for exchange of knowledge and experience in detection, resolution and prevention of security related incidents between India and respective country. Further, India has signed MoUs for Cooperation in Information Technology (IT) with a number of other countries including France, China, Brazil, South Africa, Bulgaria, Columbia, Estonia, Ireland, Israel, Jordan, Qatar, Tanzania, Tunisia, etc.
Multinational corporations have also set up cybersecurity centres in India. Microsoft India has launched its first full-scale Cybersecurity Engagement Centre (CSEC) in New Delhi to bring together Microsoft capabilities to foster deeper Cybersecurity collaborations with public and private sector organisations. IBM has launched a state-of-art cyber security command centre in Bengaluru to offer customised security solutions to its Indian clients. Accenture has launched a global flagship “Cyber Fusion Centre” in Bengaluru that leverages the company’s inter-disciplinary capabilities and combines everything related to cyber security - from strategy, innovation and consulting to implementation and troubleshooting incidents - under one roof. Cisco has signed a MoU with Ministry of Electronics and IT (MeitY) for cyber security cooperation and will open a new Security Operations Centre (SOC) in Pune.