Posted by: B Singh | April 9, 2010

The Growing Gaps Of Indian Cyber Security

India is taking inadequate precautions regarding protection of its cyberspace and critical infrastructure. The truth is that cyber security in not on the priority list of Indian government. India is not prepared for cyber war, cyber terrorism, cyber espionage, etc. Not only India has a weak cyber law but also inadequate cyber forensics capabilities. Even there is a lack of basic cyber law and cyber security training among various governmental personnel. India is definitely not serious about cyber law and cyber security.

While the scope of the latest data theft perpetrated by China-based hackers is alarming, the fact that it has occurred again is not particularly surprising. From the exposure of Ghostnet in March 2009 a cyber spying operation that was found to have infiltrated important networks in 103 countries including India to the hacking of Google servers that blew up into the China-Google fracas, cyber attacks traced to Chinese soil have become increasingly frequent over the past few years. What is more surprising is that despite having been burned last year, inadequate precautions seem to have been taken by the Indian government to guard against repeat occurrences. The scale of the data mining this time, as reported by a Canadian watchdog organisation, is extensive. Highly classified information stolen from the defence ministry pertains to defence matters and Naxalism, among other issues. Computers in various Indian embassies around the world have also been compromised.

If cyber security is not moved up on the government’s list of priorities, the next attack is likely to be worse. That cyber warfare will increasingly be part of a state’s suite of offensive and defensive mechanisms is indisputable. India’s booming IT industry and rapidly growing network infrastructure is both an advantage and a vulnerability in this context. Our legislative and security measures are struggling to keep pace. The Information Technology Act of 2000 is a catch-all legislation severely lacking in many respects. Government agencies lag in cyber forensic capabilities. Similarly, our bureaucrats and diplomats seem to be inadequately trained in best practices, such as never transferring sensitive data from a secure network to a personal or otherwise unsecured computer. Taken together, these paint a depressing picture of our ability to defend against further cyber raids.

It is time to take our cue from other countries that have taken the initiative in this area. Not just defence and security but Indian commercial interests are at stake. The US, for example, has a robust approach to cyber security, setting up specialised cells in its intelligence agencies coupled with research. One way to beef up India’s cyber security infrastructure is to bring in the private sector in a big way, with adequate confidentiality clauses. Given the high profile and undoubted expertise of our IT sector, to disregard such a resource would be wasteful in the extreme. And that, as we have just seen, is something we cannot afford.



%d bloggers like this: