Addressing India’s Cyber Threats

India is quickly becoming the second-largest victim of cyberattacks after the United States and earlier this year released its first national Cyber Security Policy, which aims to ensure a secure and resilient cyberspace for citizens, businesses, and the government. Ambassador Latha Reddy, former deputy National Security Advisor of India, emphasized that the intent of India’s Cybersecurity Policy is to strengthen the role of its Computer Emergency Response Team (CERT-In) in coordination with crisis management efforts and awareness-raising activities on cybersecurity during an event kicked off with an introduction by South Asia Center Director Shuja Nawaz and moderated by Cyber Statecraft Initiative Director Jason Healey. Alongside protecting the country’s cyber infrastructure, the policy strengthens the significant role IT has played in transforming India’s image to that of a global player in providing IT solutions of the highest standards.

The realization that cybersecurity should be at the forefront of national security efforts came to India after the 2010 Commonwealth Games, which exposed numerous potential vulnerabilities within the country’s national critical infrastructure. India desires to address the goal of achieving a safe and stable cyber environment in a comprehensive manner. Current focus centers on capacity and infrastructure building which will enable establishment of secure and resilient cyberspace that will not only protect the country’s networks from criminal activity and espionage but ultimately also from acts of cyber warfare. As Ambassador Reddy pointed out, building consensus around the need to secure cyberspace comes from understanding of threats to common users and extending educational efforts to services not typically associated with cyber arena, such as law enforcement and judiciary.

Government plays a crucial role in securing cyberspaces, but only an approach inclusive of civil society, academia, and private sector will yield practical and comprehensive solutions to cyber challenges. There are multiple benefits, extending beyond the inclusiveness of policies, gained from involvement of private sector in decisions regarding cyber security. Ambassador Reddy emphasized the example of India now being one of the nations authorized to certify IT products, which greatly empowers the country’s IT industry. India’s ultimate goal is to raise itself to the level of cybersecurity “power house,” a role to which the country has solid predispositions for as it has an extensive number of IT professionals.

Another element of a comprehensive cyber strategy is finding the balance between individual freedoms and imperatives of national security. Ambassador Reddy stated that there is an inherent tension between the right to free speech, and the government’s role in protecting the public from harmful misinformation in India. This challenge is of a global character touching on issues ranging from individual and national security to internet governance. The issue is, Ambassador Reddy stressed, that national paradigms are imposed on something that is essentially an international space. In case of India, there is a realization and acceptance of certain level of intrusion in the privacy sphere given the past experiences with terrorist attacks. It is paramount that the nature of the Internet as the general commons be reflected in the way its architecture is set up and the mode of its governance.

The Ambassador stressed that there is a need to make existing systems of governance, including the management of core internet resources more democratic, more transparent and more representative. India is committed to global, regional, and bilateral dialogue on these issues. Another area where balancing diverging interest occurs in India is e-governance. The country embraced the opportunities that electronic devices offer in conducting elections while assuming risks from cyber attacks, acknowledging the role of e-governance in improvement of overall governance in the country.