Inaugural Address by Dr Arvind Gupta National Security and Cyberspace: Issues and Challenges Gujarat Central University and Rashtriya Suraksha University

23 November 2021.

Vice-Chancellor of Central University of Gujarat, Vice-Chancellor of Rashtriya Suraksha University, Prof Sanjaya Jha, Dean CUG,

I would like to congratulate the Gujarat Central University and Rashtriya Research University for organising this online conference on national security and cyberspace. This is a very timely initiative. Our young students, experts and scholars need to keep themselves fully abreast with vulnerabilities in cyberspace that have a deep impact on our lives as well as on national security.

Today, more than 60 per cent of the world's population is using the Internet. A staggering 500 million tweets and 300 billion emails are sent every day. Presently, 550,000 miles of optic fibre cables, carrying 99 percent of international digital data girdle the earth undersea. Internet cables have shaped new strategic geography.

The pace of digitalisation in India has picked up. Under the Digital India programme of the GOI, a strong digital infrastructure is being built. ICT has transformed governance in the country. The private sector has come forward in a big way to provide transport, logistics, e-commerce, health and education and other services.

In India, nearly 500 million people are using the Internet. More than a billion sim cards are subscribed to. As the scope and ambit of cyberspace grow in the light of emerging technologies like artificial intelligence, big data, the Internet of things, cloud computing, 5G and a host of others, the challenge is to national security are becoming that much more complex to handle.

Information and commutation technologies that underpin cyberspace have brought enormous benefits to mankind. ICT have initiated multiple revolutions practically in every field of human existence.

These benefits come at considerable risk about which we should be aware. The reason is that cyberspace, which includes both the hardware and software, processes, technologies, data, information and much more is highly diffused, not subject to any norms or universally accepted standards. The negative elements ranging from nonstate to state actors, hackers to criminals, terrorists to activists are today in a position to enter cyberspace and do the mischief. Cyberspace is borderless, attribution is difficult and the negative elements can easily hide into the depths of cyberspace.

Technology changes very fast. The normal processes and institutions like criminal justice systems, investigations, intelligence et cetera work more slowly than the negative element's capability to misuse cyberspace. Thus, the misuse of cyberspace is rampant and uncontrollable.

Further, the character of warfare is changing under the impact of artificial intelligence, machine learning, cloud computing, satellites communication and other innovations. Cyber technologies can be used to degrade military systems without firing a bullet. Information warfare and regional conflicts are becoming the norm. Fighting a war has become a whole of society endeavour. Military alone cannot fight today’s wars. They have to be sensitive to the information dimension of warfare.

Data is the oxygen for cyberspace. Without data sharing, society would come to a halt. The question of data sovereignty – who owns data is highly complex. Use and abuse of data go hand in hand. As society gets more digitalised, handling data – generation, sharing, storage, transmission – become important. Ownership and protection of data is a burning issue in digital, knowledge-based societies. The use of fake news is emerging as a top national security concern.

We are seeing a variety of threats in cyberspace which translate into national security threats. Today’s societies depend on the safe and reliable functioning of critical infrastructures. Damage to Critical Infrastructure (CI) can jeopardise the country’s security. Protection of CI is a major concern for national security.

New technologies are usually developed without keeping in view the needs of cyber security. Cyber security requires a well thought out approach based on people, processes and technologies. It requires strong institutions, regulation, self-discipline and a proper understanding of technologies.

The experience of the last 30 years shows that despite significant advances in the understanding of cyber security challenges, it has not been possible to deal with them efficaciously. The exponential increase in cyber attacks globally is a testimony to that.

Cybercrime is today a $ 6 trillion industry which is bigger than the oil industry, the tourism industry and many other global industries. With the rise of cryptocurrencies based on blockchain technologies, cybercrime has increased exponentially. Payments for cybercrime or increasingly being made in cryptocurrencies. The dark web is a throbbing hub of cybercriminals, drug syndicates, arms dealers and others. Terrorists are using cyberspace for their purposes and activities. Ransomware attacks have increased exponentially. The US and several countries have come together to launch a counter ransomware initiative.

India

These phenomena present a clear danger to national security. According to the official data, there were about 400,000 cyber security incidents observed in 2019 and 2020 respectively. That is a three-fold increase in just one year! One of the most striking features of India is the digitalisation of the economy, the growth of e-commerce, the modernisation of logistics, the use of cyber technologies for governance purposes, the massive increase of online education, the introduction of cyber technologies in the health sector. The list is endless, India is at the cusp of the introduction of ultrafast 5G communication technologies. It has emerged as a leader in artificial intelligence. The start-up ecosystem in India is amongst the fastest-growing. The valuations in the Indian stock exchanges have increased rapidly. The public transport system including metros and Indian Railways run on modern technologies. These are the positive signs of the greater and greater use of new technologies for development purposes.

Steps

India has been alive to cybersecurity challenges for several decades now. It has taken several steps to meet these challenges.

  • It was one of the few countries to enact the IT Act in 2000. Although, primarily an e-commerce act, some provisions were used to deal with cybercrimes, hiking, fake news et cetera. The act has been revised once and needs another revision.
  • We were amongst the first countries to set up the institutional structures for cybersecurity.
  • A National Information Board headed by the National Security Adviser was set up in 2002. A Computer Emergency Response Team (CERT) was set up in 2004. Several sector-specific CERTs have been set up. The power sector is the latest to issue cyber security guidelines. Railways and banks already have issued guidelines.
  • The government adopted a cybersecurity policy in 2013. A new version of the cybersecurity policy is expected soon.
  • India set up a National Technical Research Organisation (NTRO) which looks into critical information infrastructure protection.
  • India also participates in cyber security dialogues in the bilateral and multilateral format.
  • A post of National Cybersecurity Coordinator was set up in the National Security Council Secretariat.
  • The National Security Council Secretariat has also come up with a National Security Telecom Directive on the use of trusted components and systems from trusted sources.
  • Several universities are now offering courses on cybersecurity. A great deal of attention is being paid to cyber skills and training.
  • The Indian Armed Forces have set up a Defence Cyber Agency.
  • India is participating in the Quad on emerging technologies. India is emerging as a leader in artificial intelligence and cloud computing.
  • The government has empanelled cybersecurity auditing organisations to support and audit the implementation of Information Security Best Practices, it has formulated Cyber Crisis Management Plan (CCMP) for the central and state government institutions and critical sectors;
  • It is operating the Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre) for the detection of malicious programs and free tools to remove the same.
  • It has set up the National Cyber Coordination Centre (NCCC) to generate necessary situational awareness of existing and potential cyber security threats.
The Way forward

These are positive developments.However, there are many challenges as well. They require urgent attention.

  • We need to further strengthen our technological institutions like CERT and critical infrastructure protection.
  • We must pay attention to cybersecurity R&D, particularly in the backdrop of the emergence of new technologies which are complicated cybersecurity challenges.
  • The fragmentation of the cybersecurity landscape needs to be overcome. Coordination needs to be strengthened. The National Cyber Security Cybersecurity Coordinator should be made stronger.
  • We need to set up mechanisms to promote public-private sector partnership (PPP ) and build a robust cybersecurity industry in the country.
  • Our dependence on imports of cybersecurity material should be lessened.
  • We also need to setup chip manufacturing facilities for high-end chips which are going to every device.
  • There is a need to ensure that the 5G the cybersecurity issues underlying 5G and IOT are addressed.
  • We should encourage PPP in all aspects of cyber security.
  • We should strengthen the cybersecurity capacity of law enforcement agencies.

India is a democracy and an open society. India also has immense social, cultural and religious diversity. These features of any society make it particularly vulnerable to manipulation by adversaries.

The National Security Adviser has recently spoken about the Indian civil society becoming a front line of the new generation of warfare. Digital portals have become the tools in the new warfare. Very often we do not even know who the enemy is and where he is hiding. We need to have proper vigilance. But we have also to make sure that the countermeasures are as per our laws and do not damage the Democratic and tolerant fabric of our society.

In the last few years, we have seen growing tension between the state and the major data companies and portals. This is not a uniquely Indian phenomenon. It is present everywhere including in developed countries. The tension is between the need for open cyberspace and the requirement of protecting the privacy of the individual. We need a balanced approach.

The task of finding this balance rests very much on society. At the heart of this tension lies the quandary about who owns the data, how it is to be protected and made safe so that the individual is not harmed. There are no easy answers to this question. The data protection and safety bill has been lying pending with the Parliament for several years now. We need to pass the clock so that there is clarity on this very important issue.

Diplomacy

Cyberspace by its very nature, is global. With more than 60% of the population using cyberspace, it is but natural that every country is involved. Even though the global community has been involved in evolving norms of behaviour in cyberspace, the success has been meagre. Several international forums including the UN Gen assembly, the ITU, the Working Group on Internet governance, the UN Open-Ended Working Group, the UN Group Of Governmental Experts and numerous functional organisations and institutions are involved in working out the norms. There are a number of bilateral, regional and international discussions that take place on cyberspace. This trend is likely to continue. India must remain fully engaged with these issues.

Until a few years ago, national security was understood in very narrow confines of military security. No longer is the case. Cyberspace has vastly alter altered the meaning of national security. Several countries have updated their military doctrines and strategies incorporating cybersecurity into national security. Cybersecurity is today a top international security concern connected with issues such as new technologies, autonomous weapon systems such as robots, drones and submersibles, weaponisation of data, information warfare, information, surveillance and target acquisition, drones warfare and many others. Cyberwarfare and space warfare are getting interlinked.

UNNGE, OEWG, PoA process at the UN is getting traction.

Conclusion

Universities and academic institutions can play a major role in enhancing the understanding of cybersecurity and its link with overall national security. We are short of cybersecurity professionals in this country. Capacity building is the need of the hour. Your role is indispensable in bridging the gap. I do hope that you would institute regular courses on the subject which will enhance not only understanding of cyberspace but also impart skills and training to a vast number of workers that require professionals that require in this area.

Thank you very much for inviting me.

Post new comment

The content of this field is kept private and will not be shown publicly.
1 + 8 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.
Contact Us