The first India-US summit on information security just got underway this month in Delhi and the gathering, for the first time, addressed jointly concerns about online security from many angles. There have been fears for some time among businesses and individuals about the massive increase in cyber attacks and its blending in various forms. Likewise there have been global concerns about security of critical assets. The best reflection of such changing concerns coming out in the summit can be gauged from the following: US Under Secretary of Commerce Kenneth Juster calling cyber attacks as weapons of mass disruption; Symantec doling out statistics showing seven new vulnerabilities emerging every day; and Science and Technology Minister Kapil Sibal mentioning the serious consequences if there was to be a massive cyber attack by Al-Qaeda in Bangalore.An opinion poll conducted by Nasscom and the Information Technology Association of America among 95 Indian companies also underlines this contention — 82 per cent customers of Indian IT companies are more concerned about security than ever before, 75 per cent of them believe security is a key differentiator for competition and 45 per cent feel budget allocation for security had gone up in the last year. The survey also vehemently calls for a proactive government role.The good news is that awareness is building up within the government about the need to address cyber security concerns and protect critical assets; the bad news is that still there is no movement in the ground. A couple of years back, some moves were initiated by the Department of Information Technology to set up four working groups to address specific areas of information security but nothing came to a logical conclusion in any of these groups. When the new IT minister took office this May he outlined security as one of his key areas of action, but concrete steps are still awaited.It must be noted that DIT’s role could at best be to address the concerns of the industry and generate the confidence required for e-commerce to be viable. This could involve securing online transactions with legislative and technological actions. But on issues of national security, the role of DIT could be far-fetched. Cyber security should be actively considered as a national security concern and addressed by the home and defence ministries as also the intelligence agencies. This is already happening, at a good pace but not in a concerted fashion. Thus in many cases three government agencies could be working on the same case, wasting resources.Today the horizons of information security offer India a great opportunity. On one hand, we have a lot to do to secure our networks as also integrate their functioning in terms of building a control mechanism where response structure also fits in aptly. There is a mistaken impression among government players that their networks are insulated from the Internet and so even if there is a catastrophic attack, they would be safe. Many of them even go to the extent of accusing IT companies of raising the bogey of security to do more business! On the other hand, there is great scope to be a global leader in defining security practices and standards. Most of our IT human resources are in the thick of work on most products and services. Can one expect them to focus also on security software? Experts within the industry believe that if 10 per cent of our software engineers are involved in security projects, India would emerge as a key player in this field. At present the global regime on critical information infrastructure protection (CIIP) is in its formative stage and therefore great opportunities exist. India has the manpower. Unfortunately there is no such understanding amongpolicymakers to cash in on this opportunity.The government must immediately involve itself in global deliberations on cyber security. It needs to be party to the Council of Europe convention on cyber crimes whereby it can also address issues of data protection and other security concerns raised these days by EU countries. There should be more bilateral partnerships like the Indo-US Joint Working Group on Cyber Terrorism. Similarly it needs to look at building capacity for security solutions within the country. Why not give a fresh lease of life to all the software technology parks to get in new companies or give incentives to existing companies for doing security projects. Similarly, the IITs and NITs can be involved in projects on security and information warfare.The bottomline is, we need to act fast so that we are safe and at the same time we don’t squander the great opportunity that cyber security offers to India.
