We must strengthen social trust for truly effective cyber security

Newspaper Rainbow Series     21st December 2020     Save    

Context: Recent sunburst cybersecurity attacks on government bodies, corporations and even think-tanks around the world have highlighted the need for a strong and sophisticated cyber security regime in India.

Challenges faced by cybersecurity frameworks:

  • Rising cyber espionage: Countries spy on each other all the time with every means at their disposal. This has three major implications:
    • Some nation-states have very strong cyber-attack capabilities and use them fairly readily in a world where large-scale conventional wars have become less likely.
      • The cyber domain is especially anarchic, which means that the "cyber strong can do what they can, and the cyber weak must suffer what they must."
      • It also permits extreme asymmetry, enabling small countries like Israel and Singapore, or regimes like North Korea, to wield vastly disproportionate power within the domain.
    • Investments in cybersecurity discourage lower-grade attackers and divert them to seek softer targets elsewhere.
      • This, in turn, means that Indian networks must be as well-defended as their foreign peers, as a relative weakness will make us more attractive targets.
    • Cybersecurity and cyber defence require the government, private sector, academia, civil society and citizens to collaborate intimately in a non-hierarchical, networked fashion.
  • Lack of understanding of comprehensive cyber strategy (which is still a work-in-progress): bars development of effective international laws and norms.

Way forward:

  • Creating strong privacy and data protection laws: which keep both corporate and state power in check.
  • Civil-military cooperation: requiring the government to have "tentacles" in telecom and private networks. Civil-military collaboration requires unambiguous civil-military separation.
  • Generating trust: To create trust, we must clearly define rights, legal roles and responsibilities of the government, private sector and citizens, and scrupulously respect them.
    • Measures like declaring cyber strategies, creating formal structures, appointing experts and allocating budgets, can only work in an environment of mutual trust.
  • Well trained cybersecurity personnel and equipment: to be embedded across public, private and academic networks.

Conclusion: Information-sharing among various stakeholders under a clear set of rules is vital for the country to stave off cyber threats.