New Delhi: India is creating a ‘coherent and comprehensive’ security policy to deal with the ‘anarchic new world’ of cyber threats, National Security Adviser Shivshankar Menon said here Wednesday.
‘(The) government is in the process of putting in place the capabilities and the systems in India that will enable us deal with this anarchic new world of constant and undeclared cyber threat, attack, counter-attack and defence," he said at the release of a report on "India's Cyber Security Challenge’ by the Institute of Defence Studies and Analyses (IDSA).
This will be a step toward the ‘coherent and comprehensive cyber security policy’ that the report calls for, he added.
Menon noted in this context that while the National Technical Research Organisation is tasked to deal with protecting India's critical security cyber infrastructure, institutions like CERT-IN (Computer Emergency Response Team-India) ‘have proved their worth during events like the 2010 Commonwealth Games when a staggering 8,000 cyber attacks were warded off.
‘We are making a beginning in putting in place a system of certification and responsibility for telecommunication equipment and are working on procedures and protocols which will rationalize communication interception and monitoring,’ he said.
Simultaneously, ‘we need to harden our critical networks. And, we will develop metrices to certify and assure that our critical cyber networks, equipment and infrastructure are secure,’ he added.
He pointed out the need to ‘create a climate and environment within which security is built into our cyber and communications working methods.’
All this had to be more than just a ‘whole-of-government’ effort, Menon said.
‘It must include the entire scientific and technological strength of the country, whether in laboratories, universities or in our private sector firms,’ Menon said.
Hoping that the report ‘will also bring some reason and proportion’ into the discussion on cyber security, he said: ‘There is invariably a hullabaloo when one of our websites is hacked. But websites are meant to be hit.
‘Their success is measured by how many people access or hit them. So when a website is defaced by hackers, as happened to the CBI website, it is not necessarily a security breach though it might hurt one's pride.’
At the same time, Menon admitted that one reason for public concern and anxiety ‘is the anarchic nature of the domain of cyber space, glimpses of which naturally cause alarm.
‘When this is combined with the potential effects of malicious attacks and disruptions in the cyber world upon such basic social necessities as power supplies, banking, railways, air traffic control, it is only natural that people should worry about cyber security,’ he added.
Menon also called for a sea change in the method of dealing with cyber war as ‘conflict or attacks in the cyber world do not follow the rules or logic of war as understood so far in other domains.
‘In this new domain of contention war, espionage, surveillance, control and the traditional security functions, activities and crime occur but differ from those in traditional domains.
‘Here we have to unlearn some of the lessons we learnt earlier. Traditional deterrence hardly works in a battle-space like the cyber world, where operations and attack occur almost at the speed of light.
‘At these speeds, there is a premium on attacking first, or offense,’ he said.
The 95-page report, put together by a 10-member team headed by cyber expert Nitin Desai, suggests, among others, that the home ministry be made the nodal agency for dealing with cyber crime and the National Security Council Secretariat (NSCS) should coordinate the efforts to protect the country's critical infrastructure.
It also speaks of the need for establishing a Cyber Coordination Centre staffed by personnel from the relevant operational agencies, raising a Cyber Command and building up offensive capabilities and raising Cyber Territorial Army battalions which can provide ‘surge capability’ to bolster India's resources during critical periods or in hostilities.