We must strengthen social trust for truly effective cyber security
Context: Recent sunburst cybersecurity attacks on government bodies, corporations and even think-tanks around the world have highlighted the need for a strong and sophisticated cyber security regime in India.
Challenges faced by cybersecurity frameworks:
- Rising cyber espionage: Countries spy on each other all the time with every means at their disposal. This has three major implications:
- Some nation-states have very strong cyber-attack capabilities and use them fairly readily in a world where large-scale conventional wars have become less likely.
- The cyber domain is especially anarchic, which means that the "cyber strong can do what they can, and the cyber weak must suffer what they must."
- It also permits extreme asymmetry, enabling small countries like Israel and Singapore, or regimes like North Korea, to wield vastly disproportionate power within the domain.
- Investments in cybersecurity discourage lower-grade attackers and divert them to seek softer targets elsewhere.
- This, in turn, means that Indian networks must be as well-defended as their foreign peers, as a relative weakness will make us more attractive targets.
- Cybersecurity and cyber defence require the government, private sector, academia, civil society and citizens to collaborate intimately in a non-hierarchical, networked fashion.
- Some nation-states have very strong cyber-attack capabilities and use them fairly readily in a world where large-scale conventional wars have become less likely.
- Lack of understanding of comprehensive cyber strategy (which is still a work-in-progress): bars development of effective international laws and norms.
Way forward:
- Creating strong privacy and data protection laws: which keep both corporate and state power in check.
- Civil-military cooperation: requiring the government to have "tentacles" in telecom and private networks. Civil-military collaboration requires unambiguous civil-military separation.
- Generating trust: To create trust, we must clearly define rights, legal roles and responsibilities of the government, private sector and citizens, and scrupulously respect them.
- Measures like declaring cyber strategies, creating formal structures, appointing experts and allocating budgets, can only work in an environment of mutual trust.
- Well trained cybersecurity personnel and equipment: to be embedded across public, private and academic networks.
Conclusion: Information-sharing among various stakeholders under a clear set of rules is vital for the country to stave off cyber threats.
Related Articles
