India 2020 defexpo
Cyberspace and Securing
National interests
Wikimedia Commons
A visualisation of the various
routes through a portion of
the internet
T
he world has witnessed
a disturbing increase in
disruptive cyberattacks since
2014-15. On December 11,
2019, newspapers reported
a statement that Iran has ‘identified
and diffused a massive cyber-attack
on its electronic infrastructure. It was
very large, organised and government
attack.’ No country or group has been
named as attacker. In November 2019,
the details of 15 million Iranian debit
cards were published online, exposing
the account information of almost one-
fifth of Iran’s population. Though, Iran
denied the breach a result of a hack, cyber
experts believe the attack was carried
70
out likely by a state or state-sponsored
organisation. Iran is suffering from the
US sanctions. After withdrawing from the
Iran’s Nuclear Deal of 2015, the USA has
imposed sanctions on Iran which have
crippled the Iranian economy. In June
2019, the USA cyber-attacked the Iranian
Intelligence system with a devastating
effect. It was reportedly in response to
Iranian attack on commercial vessels in
the Gulf. Earlier in the year- 2009-2010
also, Washington used Stuxnet computer
virus, a US-Israel joint creation, and
disrupted thousands of Iranian centrifuge
(enriching uranium) in the Iran’s nuclear
sites. On 13 December 2019, the city of
New Orleans declared State of Emergency
February 2020 www.geopolitics.in
VIJAY KUMAR KAUL
examines the importance
of cyberspace, the
opportunities and challenges
it offers, the type of
capabilities and system it
need to develop and the
India’s standing in terms of
cyber security capabilities
and system
as they detected ransom-ware attack on
City’s network. In ransom-ware attacks,
criminals try to extort money by blocking
access to computers.
Similarly, in 2015 and 2016, hackers
snuffed out the lights for hundreds of
thousands of civilians in Ukraine in
the first power outages ever triggered
by digital sabotage. Then came the
most expensive cyberattack in history,
NotPetya, which inflicted more than $10
billion in global damage in 2017. Finally,
the 2018 Winter Olympics became the
target of the most deceptive cyberattack
ever seen, masked in layers of false flags.
In fact, these unprecedented events
aren't merely the recent history of
cyberwarfare’s arms race, they are all
linked back to a single, highly dangerous
group of hackers: Sandworm. Sandworm
is suspected to be linked with Russia. In
case of Ukraine’s outage in 2015, many
global cybersecurity analysts believe
Russia is using Ukraine as a laboratory
for perfecting new forms of global online
combat. And the digital explosives that
Russia has repeatedly set off in Ukraine
are ones it has planted at least once
before in the civil infrastructure of the
United States.
In the Cyberspace, cyber-attacks are
the medium to inflict damages to the
targeted entity, city, state or country. This

medium connects, in every direction, to
the all activities of civilisation itself. In
contrast to the use of force and the armed
military attack, a vast majority of state
cyber-attacks are persistent, low-level
attacks that may leave no physical trace.
With the increased use of cyberspace for
social, economic, political and military
uses, these cyber-attacks have become
common in large number of countries
organised by states and non-state actors.
These attacks are capable of significant
damage to critical infrastructure,
military assets, financial network, and
political and social stability and inflict
huge economic costs. It, therefore,
becomes essential for the state to create
a strong cyber security capabilities and
system to create resistance to any cyber
intrusion and attack, as well as offensive
capabilities.
Shifting Global Politics, National Interest
and Cybersecurity
The global security landscape among
the major power has changed with the
emergence of China and the internet.
During the Cold War period, global
rivalry was between the US and Russia
(erstwhile USSR) for military superiority
and geopolitical influence. There was
no economic interdependence between
these two powers. The USSR was not
a party to the GATT and the US was
founder member of GATT. There was a
relative separation between the security
and economic spheres at a government
and economic level. Wherever there
was overlapping, the issues were dealt
separately, such as with trade in products
with security applications, were dealt with
separately, in the Wassenaar Agreement
and the Missile Technology Control
Regime (MTCR). With the collapse of
the USSR, the US emerged as the only
superpower with military and economic
capabilities. The USA also pushed and
supported globalisation and growth in
international trade as it served its national
interests.
Since 2007, China as a military and
economic power has been challenging
the US predominance in some areas.
China is not a US ally and its economic
development and governance systems
are different from the US and its Western
allies. At the same time, China’s economy
is deeply integrated with the US via trade
and investment. The global internet
has increased such connectivity along
with the scope for attack. This makes
cyber-security a point where the pulls
of connection and push of competition
converge. Reducing cyber risk is now a
Blockchain panel discussion at the first IEEE Computer Society TechIgnite conference
ch
a n d e n i e d t he br ea r t s
Ir p e
Though, f a hack, cyber ex ied
lt o
a resu e attack was c - a r r
believe th by a state or state
out likely organisation
s p on s o r ed
focus for many countries, as the risk of
cyber-attacks is a key point of security as
well as economic and social vulnerability.
Cyberspace and Digital Economy:
Opportunities and Challenges
Opportunities
Digital evolution and creation of
cyberspace is human mind’s biggest
invention. It has dramatically transformed
human existence. Human’s ability to
digitise, store, analyse, and transport data
around the globe has had profound effects
in every sector of society, and has changed
the way we conduct personal, business,
and political affairs. Today, approximately
half of the world’s population is online
and this number is rapidly increasing. But
even those not personally connected to
cyberspace are affected by its reach, since
the entities they rely upon to provide
goods and services often use cyberspace
www.geopolitics.in February 2020
defexpo
Wikimedia
for communications, logistics, and
finance.
The world is fast moving towards
digital economy. The size of the USA’s
digital economy in 2017 was almost $1.5
trillion, that is 6.9 percent of the total
GDP. Globally, UNCTAD estimates that
e-commerce was worth $29 trillion in 2017
with around 1.3 billion people shopping
online—up 12 percent from the previous
year. Around 12 percent of global goods
trade is via international e-commerce. As
per the McKinsey estimates, in the year
2014 the cross-border flows of data were
valued at around $2.4 trillion—more than
global trade in goods.
In the functioning of digital economy,
there is need to have access to hardware
and software for production and
delivery. Small businesses can get instant
international presence through website
and e-commerce that in turn provides
a significant opportunity to increase its
participation in international trade. The
use of digital technologies across sectors
and countries generates lot of data.
This global flow of data is essential for
e-commerce, insightful decision making,
and innovation. As per the WTO, the use
of digital technologies has also reduced
trade cost and is likely to increase the
world trade by up to 34 percent by 2030 as
per the WTO. This includes using digital
technologies to reduce transport by
increasing the efficiency of logistics, using
robots to optimise storage and inventory,
and using block-chain to facilitate
customs processing.
Service trade—the purchase and
consumption of services online—has got
big boost with internet access and cross
71
 India 2020
Wikipedia
border data flows. Many of the emerging
technologies, like cloud computing,
delivered online are themselves services.
Data collection and analysis are adding
value to goods exports through so-called
“servicification.” Data flows enable
digitisation of the entire manufacturing
enterprise, shorter production cycles
and collaborative and connected supply
chains. The deployment of 5G networks
and technologies will accelerate the
growth of the digital economy and
digital trade. The ‘most transformative
impact will be in bringing faster
processing speeds and increased network
functionality. The Internet Protocol will
be used in network architecture as well as
by the applications that run on it. 5G will
effectively turn everything into data as
everything becomes an IP app. This will
create lot of new challenges also.
Cyber Security Challenges and Risks
Cyber security has also created a lot of
challenges. Growing global connectivity
of businesses, governments, and supply
chains with the use of AI and Internet
of Things (IoT) and cloud computing
have increased the exposure to the risks
and costs of cyber-attacks. These risks
undermine business and consumer trust
in the internet as a basis for commerce
and trade. These challenges in cyberspace
in the form of threats, crimes and warfare
have moved a long way: from computer
72
defexpo
virus in 1977, to hacking web sites,
malicious code, to Advanced Worm and
Trojan, to Identity theft(phishing) to,
now 2010 onwards. Cyber Espionage and
Cyber warfare. Forbes has predicted that
“In 2020, we’ll see an increasing number of
cybercriminals use Artificial Intelligence
(AI) to scale their attacks. AI will open
the door to mutating malware based on
attackers using genetic algorithms that
are capable of learning, increasing their
chances of success.” There are 141+42
cyber security subject predicted by the
experts in the year 2020 which ranges
from disrupting elections to targeted
ransom ware to privacy regulations to
deep fakes and malevolent AI.
There are four key areas of cyber risk
with implications for global data flows in
a digital economy. The first is the national
defence space. This includes all branches
of the military, intelligence services, the
defence infrastructure, networks, and
related software, as well as classified
information stored on the networks.
The second is critical infrastructure,
like telecom, power grid, ports etc. The
third area includes trade secrets and IP
with commercial value. The fourth area
of vulnerability includes other online
information.
Call for International Law and Cooperation
With increased importance of cyberspace
and growing disruptive cyber-attack,
February 2020 www.geopolitics.in
Swiss European
surveillance: face
recognition and
vehicle make, model,
colour and license
plate reader
international community is urging
for collaboration and cooperation
invoking UN principles. A UN Group
of Government Experts (GGE) agreed
in 2013 and 2015 that the principles in
the UN Charter, including sovereignty
and the prohibition on intervention in
another state’s affairs, apply to states’
activities in cyberspace. The 2015 GGE
also recommended eleven (non-binding)
norms of responsible state behaviour
in cyberspace. However, there was no
consensus among the countries on how
to apply these principles. The reasons
for this was probably the countries using
cyberspace, conducting cyber operations
covertly, were reluctant to put their views
on record. Now, there is some debate,
principally between countries in the West,
about the extent to which sovereignty
is a legally binding rule in the context
of cyberspace and, if so, how it and the
principle of non-intervention might
apply in practice.
President Emmanuel Macron of
France, on 12 November 2018, launched
the Paris Call for Trust and Security in
Cyberspace, urging for the development
of common principles at the UNESCO
Internet Governance Forum. In the
USA, the President’s National Security
Telecommunications Advisory Council
observed, the U.S. is “faced with a
progressively worsening cyber security
threat environment and an ever-

increasing dependence on internet
technologies fundamental to public
safety, economic prosperity, and overall
way of life. Our national security is now
inexorably linked to cyber security’.
In the last few years, certain countries
have put on record how they consider
international law to apply to states’
activities in cyberspace, namely the UK,
Australia, France and the Netherlands.
While there may be some differences
in their approaches, there also remains
important common ground: namely,
that existing international law already
provides a solid framework for regulating
states’ cyber activities, as it regulates every
other domain of state-to-state activity.
However, other countries have
called for ‘new legal instruments’ in this
area. This includes a proposal by the
Shanghai Cooperation Organisation
(led by Russia and China of which India
is also a member) for an International
Code of Conduct on Information Security.
The UN has also formed a new Open-
Table-1: Trends of cyberattacks
Trends
Hackers are increasingly targeting
connected smart Home devices
High reconnaissance activity
Critical infrastructure continues to be a
key target
Attacks on Operation technology (OT)
systems continue to rise
Attacks on smart city and defence
installations remain high
Hosted botnets still active
Increased detection of military
grade malware
Source: Subex Ltd, Report the state of IoT security in India | 03, November 2019(10)
Ended Working Group (OEWG) under a
resolution proposed by Russia to consider
how international law applies to states’
activities in cyberspace. In the OEWG
discussions at the UN in September 2019,
several countries claimed that a new legal
instrument was needed to fill the ‘legal
vacuum’ (Cuba) or ‘the gap of ungoverned
areas’ (Indonesia).
The existence of the OEWG exploring
the same issues in a separate process
reflects the fact that cyber norms have
become an area of geopolitical rivalry.
Though all countries demand for the
application of international law, most
of them are also adopting divergent
approaches to the domestic regulation of
cyberspace within their own territory. The
emerging trend towards a ‘splinterne’– i.e.
between states that believe the internet
should be global and open on the hand,
and those that favour a ‘sovereignty and
control’ model on the other – is making
discussions at the GGE more challenging.
China has coined a term ‘cyber
Explanation
Malware targeting such devices are more easily
available. It is also possible that first time hackers
are targeting these devices to gain experience
India continues to be in the cross hairs of state
and non-state actors
Such installations are targets for sophisticated
attacks launched by state-backed and
experienced hackers
With more OT systems getting connected with
IT networks, they are attracting more attacks.
Hackers are targeting IT and OT systems using
similar malware. As OT systems are often using
older technology and security aspects are not
getting adequate attention, the chances of hackers
succeeding remains high.
These two are the usual targets
Lack of adequate security measures, use of
second hand devices and default passwords
have all contributed to devices turning into bots.
Botfarms continue to expand as newer devices
get added on a daily basis
A huge cache of such malware was released
by some developers in January 2019 some of
which have now ended up in the hands of hackers
targeting Indian installations
www.geopolitics.in February 2020
defexpo
sovereignty’, distinct from the
international law concept of sovereignty.
This term describes the wide-ranging
powers it assumes under domestic law to
regulate its citizens’ access to the internet
and personal data within its territory. This
approach of China is being used by other
authoritarian countries. For instance,
Russia’s has recently enacted ‘Sovereign
Internet Law’.
India’s Cyberspace capabilities
India is second largest country in terms
of population, third largest country
in terms of GDP on PPP and seventh
largest country in terms of geographical
area. It is multi-cultural, multi-lingual,
multi-religious country with very
fertile agriculture landmass, diversified
industrial base and vibrant services
sector. Its economy has been growing fast
during the last two decades and it has
become around $3 trillion economy. It
has aimed to achieve $5 trillion economy
status in the coming years. India is also
surrounded by enemy countries which
have been raising a low intensity proxy
war against India. In addition, increased
power of non-state actors/terrorist to
disrupt the economic functioning of
the country is a serious threat. India’s
modern critical infrastructures like
energy, telecom, ports, transportation,
etc are using digital technologies and
control systems. A large population of
India is using internet and smartphones,
and India is counted as having the second
largest online population. E commerce
is flourishing and generating huge data.
Increased use of digital payments, vast
financial system and e governance, the
cyberspace has become critical area to be
protected and secured.
India is facing continuous cyber-
attacks on its cyberspace. A report
prepared by Subex Ltd ‘The state of
internet of Things security in India-Q3
2019’ in November 2019 has given the
following key numbers of cyber-attacks in
the quarter ending October 2019: 14000
critical attacks detected of very high
sophistication and persistence, 70,300
High grade attacks, 8300 malware variants
identified, 3507 modular malware
samples isolated, 90 days average
malware persistence, Bengaluru, Mumbai
and New Delhi together account for 38
percent of all attacks detected. The report
also presents the trends of cyber-attack
shown in Table-1.
The key numbers and trends showed
in Table-1 shows that India urgently needs
protection and strong cyber security
capabilities. It lacks effective offensive
73
 India 2020
Wikipedia
and defensive cyber security capabilities
and lack access to mechanism vital to
confronting sophisticated malware.
In order to further explore the India’s
cyber capabilities, data from two Global
cyber security index has been taken and
compared with other leading countries’
cyber security capacity. First, Global
Cyber Security Index (GCI) 2018 prepared
by ITU has placed India on 47 rank. As
per this GCI, shows that India has strong
commitment and capabilities in cyber
security. Global Cyber Security Index 2018
has examined the cyber capabilities and
commitment of 194 countries on five
pillars: Legal, Technical, Organisational,
capacity building and cooperation (see
Table-2).
On the basis of five dimensions on
which GCI score has been prepared,
a comparison of top 10 countries is
presented in Table-3. This table clearly
shows that most of the top countries have
high commitment on all the dimensions
except cooperation. There is a need to
increased international cooperation in
the field of cyber security. Two Asian
countries, Singapore and Malaysia have
been included among top nations.
All the countries in GCI score are
ranked and placed in three categories: high
commitment, moderate commitment and
74
defexpo
Table-2: Five Dimension of Global Cyber
Security Index
1. Legal: Measures based on the existence
of legal institutions and frameworks dealing
with cyber security and cybercrime.
2. Technical: Measures based on the
existence of technical institutions and
framework dealing with cyber security.
3. Organisational: Measures based
on the existence of policy coordination
institutions and strategies for cyber security
development at the national level.
4. Capacity building: Measures based on
the existence of research and development,
education and training programmes,
certified professionals and public sector
agencies fostering capacity building.
5. Cooperation: Measures based on the
existence of partnerships, cooperative
frameworks and information sharing
networks.
February 2020 www.geopolitics.in
A 5G mobile tower
installed in Germany
low commitment. Table-4 gives GCI score
of selected developed and developing
countries. India’s score is 0.719 and rank is
47. This is considered high commitment
in all pillars. South Africa, Iran and Brazil
have committed and engaged in cyber
security.
The report has also projected that
cyber-crimes will cost world US$2 trillion
by 2019. There will be less ransom-ware
attack but more of personal data breach
and critical infrastructure breaches. There
is widening gap among countries in terms
of cyber security legislation, strategies,
emergency response teams, awareness,
capacity to spread out strategies,
capabilities and programme.
To get a further insight in the
capabilities another Index ,National
Cyber Security Index, is used. The
National Cyber Security Index (NSCI) is
a global index, prepared by e-governance
Academy of Estonia. This Index measures
the preparedness of countries to prevent
cyber threats and manage cyber incidents.
The NCSI is also a database with publicly
available materials and a tool for national
cyber security capacity building.
The NCSI focuses on measurable
aspects of cyber security implemented
by the central government:1) Legislation
in force – legal acts, regulations, official
 defexpo

operations is poor to non-existent. This

Table-3: Global Ranking of GCI score of Top 10 countries clearly shows the areas in which India
Rank Member GCI Score Legal Technical Organisational Capacity Cooperation needs to develop.
States Building Let us look at the legal framework
and the institutions created by the
1 United 0.931 0.200 0.191 0.200 0.189 0.151 Government of India. There has been
Kingdom constant institutional capacity building.
India has enacted Information Technology
2 United 0.926 0.200 0.184 0.200 0.191 0.151 Act 2003 and National Cyber Security
States of Policy 2013 (NCSP). NCSP is criticised
America on number of points as it just talks of
3 France 0.918 0.200 0.195 0.200 0.186 0.159 principles and no integrated framework is
presented to operationalise cyber security
4 Lithuania 0.908 0.200 0.168 0.200 0.185 0.155 threats etc. and there is no discussion on
new technology risk. There are multiple
5 Estonia 0.905 0.200 0.195 0.186 0.170 0.155 stakeholders in the policy which leads to
6 Singapore 0.898 0.200 0.186 0.192 0.195 0.125 ambiguity and indecisiveness. Moreover,
India is yet to develop a Data protection
7 Spain 0.896 0.200 0.180 0.200 0.168 0.148 law. Draft legislation has been submitted
8 Malaysia 0.893 0.179 0.196 0.200 0.198 0.120 to the parliament in December 2019
and has been referred to Committee for
9 Norway 0.892 0.191 0.196 0.177 0.185 0.143 further scrutiny and approval. There is no
10 Canada 0.892 0.195 0.189 0.200 0.172 0.137 cyber security legislation of strategy.
India has created overtime a large
Source: Based on Global Cyber security Index, 2018 number of cyber security institutions and
capabilities. Some of these institutions
are as follows: National Cyber Crime
orders, etc. 2) Established units – Germany, France, etc, India’s capacity is Coordination (NCCC), Indian Computer
existing organisations, departments, average except in case of Education and Emergence Response Team (CERT-
etc. 3) Cooperation formats – council, professional development, protection In), National critical Information
committee, official working group, etc 4) of essential services, E-identification Infrastructure Protection Centre
Outcomes / Products – policies, exercises, and trust services, cybercrime and crisis (NCIIPC), Cyber Swachhta Kendra,
technologies, websites, programmes, etc. management. India’s capacity in terms National Technical Research Organisation
The index has 3 categories, 12 capacities of cyber threats analysis and informing, (NTRO), Network Traffic Analysis System
and 46 indicators. The result of this index contribution to global cyber security, (NeTRA) of DRDO, CERT-Fin (For
is different from GCI. The NSCI score has protection of digital services, protection Financial Sector), Crisis Management
been compared with Digital Development of personal data, and military cyber Plan.
Level (DDL). The digital development
level is calculated according to the ICT
Development Index (IDI) and Networked Table-4: Global Rank of GCI of Selected Countries Including India
Readiness Index (NRI). The DDL is the Country Score Global Rank GCI group
average percentage the country received
from the maximum value of both indices. United Kingdom 0.931 1 high commitment in all five pillars
The difference between DDL and NSCI
USA 0.926 2 high commitment in all five pillars
shows that difference between the two.
If NSCI is higher than DDL, it shows France 0.918 3 high commitment in all five pillars
that there is more commitment and
capabilities on cyber security than the Japan 0.880 14 high commitment in all five pillars
general digital development level in the Germany 0.849 22 high commitment in all five pillars
country and vis a versa. Table-5 presents
the comparison of national cyber security Russia 0.836 26 high commitment in all five pillars
index with digital development level. China 0.828 27 high commitment in all five pillars
Table-5 clearly shows that most of
countries, including top nations have India 0.719 47 high commitment in all five pillars
more developed digital capabilities than
South Africa 0.652 56 Developed commitment & engage in
the cyber security capabilities. However,
in case of India, the commitment and cybersecurity
capabilities are more for cyber security. Iran 0.641 60 Developed commitment & engage in
This confirms the earlier GCI score report cybersecurity
showing India’s high commitment to
cyber security. A further detailed analysis Brazil 0.577 70 Developed commitment & engage in
of 12 capacities has been given in Table-6. cybersecurity
Table-6 shows that in comparison of
other top countries, like the US, the UK,
Source: Based on Global Cyber security Index, 2018

www.geopolitics.in February 2020

75
 India 2020 defexpo

Table-5: Comparison of National cybersecurity Index with Digital Development Level

eply inte- d
Country Rank National cyber Digital Development Difference
security Index Level m y i s d e
c on o e an
United Kingdom 8 75.32 83.96 -8.64 China’s e h the US via trad rnet
it
grated w nt. The global inte ivity
USA 21 64.94 82.33 -17.39 t
i nv e s t m e a s e d s u c h c o n n e c c k
has in h the scope for ta
r e a t
France 1 83.12 79.06 4.06 c
Japan 17 66.23 82.15 -15.92
along wit
Germany 2 83.12 81.95 1.17
Russia 22 63.64 67.49 -3.85
China 53 38.96 58.00 -19.04
India 39 50.65 42.29 8.36
South Africa 69 28.57 54.80 -26.23 These CDCs are powered with cyber
next platform (a platform powered
Brazil 67 29.87 59.17 -29.30 with next-generation cybersecurity
capabilities) and deliver 24x7 next-
Source: Based on The National Cyber Security Index, 2018 gen managed security services with a
combined capacity of 1000 plus seats.
India has also built strong IT companies have been incorporated in the The company is taking three-pronged
capabilities in terms of a vibrant IT last one decade. Some of the companies approach to constantly skills, reskill
ecosystem that includes IT corporate are enjoying an average annual growth and upskill. For the first part of skilling,
sector, IITs and engineering education rate of 60 percent. These companies the company has partner in Purdue
institutions etc. As the IT sector is evolving have achieved turnover of over $450 University in Indiana, US. Re-skilling is
with computer, internet, server services to million in 2018. Around one third of these done through ‘training, certification and
high volume data sharing over internet, to companies are offering products in AI/ constant development of skills in specific
smartphone and cloud to smart devices MI domain. Among all these companies technology and domain, infrastructure
now, along with ever growing cyber around 65 percent are offering both cyber security, Security information and
security risks and challenges, the Indian security product and services and around event management (SIEM), security
IT enterprises are also evolving their 35 percent are offering pure product orchestrations, automation and response
capabilities and strengths. As estimated solution. These companies have filed 116 (SOAR) etc. Finally, constant up-skilling is
by the Gartner cyber security market patents out of which 44 patents have been done on niche technology training, such
worldwide is going to be $124 billion by granted. as cloud operational technology/Internet
2019. Indian IT sector has potential to be Infosys, an Indian IT giant, is also of things, block chain and 5G.
a global hub for cyber security product expanding its cyber defence centres There is, however, a shortage of skilled
solutions. The cyber security companies (CDCs) from existing 5 (located in Pune, manpower. NASSCOM has estimated
in India have increased from 1 in 1990 Hyderabad and Bucharest) to 7 (2 new that India needs 1 million skilled people
to 175 in 2018. Seventy percent of these ones in Indianapolis and Mysuru). whereas at present we have around 50000
Wikimedia Commons

Feature detection (pictured: edge detection) helps Artificial Intelligence compose informative abstract structures out of raw data

76 February 2020 www.geopolitics.in

 defexpo

on the cyberspace take information of

Table-6: Detail score of 12 dimension of National Cybersecurity Index of select countries individual and their activities as price.
United Germany USA France Russia China India The business models of the companies
Kingdom operating in cyberspace keep on
changing. An up to date awareness of
Cyber security policy Policy 86% 100% 57% 86% 86% 14% 57% these issues needs to be given to the
development people. Government should develop
some mechanism of providing these
Cyber threats Threats 100% 100% 20% 80% 60% 20% 20% services.
analysis Technology Development as National
and informing Priority: Second pillar of such strategy
Education and Education 100% 100% 89% 89% 89% 89% 100% is the development of technology to
protect from the cyber threats, attack
professional and wars. At the same time, it needs to
development develop offensive capabilities also to send
Contribution to global Global 100% 33% 100% 50% 17% 17% 17% signals and impose cost on the attackers.
cyber security Technology is changing fast. There
is need to develop skilled manpower
Protection of Digital 0% 100% 20% 80% 40% 60% 0% and research talent to continuously
digital services improve their capability. There is need
to support cyber security ecosystem by
Protection of Essential 67% 100% 100% 83% 67% 83% 67% the government in terms of funding,
essential services market access and opportunity creation,
E-identification and eID& TS 89% 89% 11% 89% 89% 22% 78% testing and certification, R&D capacity
development etc. IITs providing active
trust services
support to incubators and accelerators
Protection of Personal 100% 100% 0% 100% 100% 25% 0% need to be encouraged.
personal data Legislation: Third pillar is legal
framework to protect the data, capabilities
Cyber incidents CIRC 50% 67% 67% 67% 50% 50% 50% and institutions. It should also penalise
response 24/7 the entity for breach of privacy and data.
India has developed Draft Data Protection
Cyber crisis Crisis 40% 20% 80% 60% 0% 20% 60%
Bill based on Sri Krishna Committee
management report. The same was presented in the
Fight against Police 67% 100% 100% 100% 78% 11% 78% parliament for approval. However, this
cybercrime has been referred to parliamentary
committee for further consultation.
Military cyber Military 100% 67% 100% 100% 50% 50% 0% There is also a need to relook and
operations redevelop the old legislation in view of the
dynamic technological development and
Source: Based on the National Cyber Security Index, 2018 geopolitical developments.
Cooperation-Internal and External:
trained workers. It needs the involvement Lastly, there is need to develop
of universities and higher educational cooperation internally and externally.
institutions. This will also take care of Internally, there is a need to develop

unemployment problems in India.
Integrated Cyber Security Strategy and
Policy-Need of the Hour
t m o v i ng T h e
r ld i s f a s
The wo igital economy. nomy
towards de USA’s digital eco ion,
cooperative environment among the
institutions looking after cyber security.
Even for developing skill capabilities,
a collaboration between educational

size of th as almost $1.5 trill l

India needs an integrated cyber security
strategy and policy in view of ever-
changing technology and threats. As
mentioned above, the use of AI in
cybercrime and attacks needs new
strategy and technology. Cyber security
policy is also increasingly risk-based,
requiring governments, organisations,
and businesses to assess the risk of attack,
determine potential harm, and develop
appropriate measures to reduce the risk
or impacts. India’s cyber security strategy
should be based on the following four
pillars:
Public awareness and education: All
in 2017 w percent of the tota
that is 6.9
G DP
the people need to be made aware of the
risk involved in the use of cyberspace and
sharing their information and loosing
privacy. All the services freely available
institutions and government institutions
is required. Industry should also
collaborate to identify new types of
technology and threats. Internationally,
with the growing threats of cyber war and
crime, collaboration at the UN and other
international bodies is required. New
networks and institutions are emerging
with collaborative mindset and to protect
others from cyber security threats and
wars. There is a need to identify and
collaborate with them.
The author is Professor, Department of
Business Economics, University of Delhi

www.geopolitics.in February 2020

77