India Should Focus on Information Sovereignty, Not Cybersecurity
Electronics intelligence experts is the need of the hour for multi-agency tasks.
The premise of diplomacy is negotiation, to sit at the table with a peek into the other party’s mind. In the hustle of bilateral deal-making, balance is an art. Nothing more should be offered than what we think the other party deserves, nothing less than it secretly expects.
If inequity in such a marriage gives rise to the suspicion of infidelity, then India’s misguided pursuit of cybersecurity cooperation with the US is fraught from the very beginning. A landmark cyber assistance framework has been sought from the US.
It would be incorrect to call it a deal as it’s unclear what India has to offer in return. Yet, more alarming is the blinding ignorance of the diplomatic advisers nudging the Prime Minister into a national security quagmire.
My last file noting before I left the National Technical Research Organisation (NTRO) arrived just a few days after the first set of leaks by Snowden. I had appealed for the urgent creation of a multi-agency task force roping in electronic intelligence experts.
These include the Indian Air Force, counter-espionage operators from the Army, cryptoanalysts from the Navy, and hackers from the NTRO. The complete domestic electromagnetic spectrum has become a massive Command-and-Control relaying pried information.
With its dominance over the global technology trade, the US has managed to sabotage most communication interfaces – right from the first semiconductor chip to the last of the software that goes into a computing device.
Needless to say, American vendors, bleeding profusely after the Snowden leaks, are regretting their decision to accommodate the “strategic partnership” with the NSA. A preliminary risk assessment would prove that American infrastructure suffers from the same systemic vulnerabilities that the CIA and the NSA have a penchant for exploiting.
What if that information finds its way to even less trustworthy hands? Unbeknownst to us, their risk becomes ours because the information was ours. This is what the strategic community has to take cognisance of – the implicit idea of instability in the digital age. It is impossible for connected societies to remain fully sovereign now.
From the Indian cybersecurity specialists largely employed by multinational corporations, to a cyberspace powered by foreign hardware, government agencies and a private sector that rely on overseas procurement among others, the message is lost in translation by the time it reaches the Prime Minister’s ears.
Even if we do swallow the bitter pill of being surveilled, how do we plan to keep our end of the diplomatic bargain? How do we even size up what the bargain was in the first place?
At one of the seminars organised by FireEye, a wildly popular cybersecurity vendor, its Indian executive headlined a slide explaining the cyber spying nexuses originating from China, Taiwan and North Korea as “The Axis of Evil.
When I questioned the executive as to why their product – reputed for detecting hitherto unknown attacks – had never stumbled upon Western malware, the answer was expectedly vague.
Such is the soft power associated with American tech that even prominent Indian lobbying groups like NASSCOM get swayed by their definition of evil. Not a week goes by without India figuring in the list of countries targeted by some cyber-espionage campaign or the other.
Take the recent disclosure about Suckfly that burrowed deep into multinational enterprises of Indian-origin. The barrage of negative media surrounding the incident severely undermines the confidence of India’s outsourcing industry and its diminishing ability to protect sensitive customer data. In terms of technicality, the attack was rather unsophisticated.
Casually sifting through its details, I found a vital clue that could have possibly led to the identity of the attackers. One of the domains used in the operation was registered with an Indian hosting company, thus allowing easy access to its billing and technical logs. A systematic and timely investigation could have helped set a precedent.
I am dumbfounded that no agency of the government, be it the Indian Computer Emergency Response Team or the National Critical Information Infrastructure Protection Centre, ever responded to the matter.
As this blitzkrieg over the ether sets back our economy and security by decades, blissful ignorance on part of the establishment seems to have become the norm. We haven’t heard anything meaningful from India’s first cybersecurity czar Dr Gulshan Rai since his appointment, two years ago.
The perception that even cyber-defence entails the involvement of “cutting-edge” foreign vendors is rather counter-intuitive. There are no allies to be sought in this war of attrition. Israel, Canada, Britain, Germany, Romania, Pakistan, South Korea or Japan, we are fair game for all.
The Global Common that is the Internet has been subjected to many uncommon transgressions. India needs to put itself in high gear on the road to information sovereignty, or it may trail further behind in the race for dwindling global resources.
(The writer helped set up the cyber-warfare operations centre at the NTRO, India’s technical intelligence agency. This is a personal blog and the views expressed above are the author’s own. The Quint neither endorses nor is responsible for the same)
(The Quint is available on Telegram. For handpicked stories every day, subscribe to us on Telegram)
Subscribe To Our Daily Newsletter And Get News Delivered Straight To Your Inbox.