CyFy

Recently I attended CyFy organized by ORF.

Dr Gulshan Rai, the Indian National Cyber Security Co ordinator, the Cyber Czar of India, gave the keynote address. Some of the issues highlighted by Dr Gulshan Rai are given below.

As per the latest WEF report on an average daily e-transaction per day worldwide is 12 billion. In India daily e-transaction is about 2.2 billion. Number of online  threat/day is 0.6 billion. As the transitions going up so does the online threat. Out of these threats 6% are serious in nature and merits immediate attention. 50% of them need attention. In the next 7/8 years things world become much more complex.

Emerging trends

Artificial intelligence (AI) and Machine Learning will have mind boggling expansion.

Proliferation of offensive cyber tools in the net.

There will be repressive order on online media whether one likes or not.

Existing business models would come under extreme pressure, will undergo further transformation.

Big data and analytics will be used more effectively.

Growth of Public Private Partnership. Citizen will demand more and more control.

Heterogenity of state posture will also increase.

Militarization of Cyber Space. Tools used will be much more complex. States will indulge in Cyber Warfare issues.

Attacks like Wanacry, Petracry and their different versions will increase. We are still not clear about and their originatiors.

 Challenges

We are in the process of drafting our Data Protection Act. There is a serious issues of privacy. Will have to be reinterpreted.

International Laws will become predominant. There has to be worldwide consensus on International Law’s. UN Group of Govt Experts (UNGGE) are working.

Jurisdiction in an important issue in light of expansion of digital space. There are issues of technology, cross border, date residing in different parts of the world.

Cloud Computing. There are issues of encryption, legal and technical aspects.

Encryption Policy. Draft encryption policy was put on public domain. Due to various reasons this was withdrawn and could not be proceeded. Many other countries also have the same view as we have in India in Govt circle.

Cyber Diplomacy. Taking Importance.

Cyber Norms. After recent cases of Wanacry there is an impetus on voluntary or enforcement of internationally agreed cyber norms. There is a need to debate/agree on cyber norms.

Right to self definer/counter measures/use of force. Critical issue. We need to debate. Many countries have the same view as India.

Internet governance:- After intense debate we have adopted multi stake holder model. Whether it needs any modification or amendment , whether we should follow ideal multi stake holder model or have some role of Govt needs to be debated in a transparent manner. India has taken up a case of route server in our country with ICANN. Due to lack of transparency and changing of rules this has been blocked at ICANN. The culture of a country or a region has to be considered. UNGGE did not succede this year. We have to find ways and means to come to a consensus.

Q&A Session.

Q1. In India 50% hand held devices are Chinese manufactured. There is  legitimate Cyber Security concerns. There is a demand to ban Chinese brands in India. How do you respond?

Ans1. Today every device is collecting information, updating. Location is updated, date is transferred. This is true everywhere in the world. Issues of privacy and data protection are important but complex, India is bound by International agreement. This issues have to be sorted out at International level. Specific issues are raised in bilateral/multilateral talks.

Q2. How do you secure our critical infrastructure when there are foreign manufactured machinery in them?

Ans. There is nothing 100% secure. We cannot ensure that. Most of our critical infrastructure is imported. Maintenance has to be done by the companies who have supplied these equipments. We have valid contracts between parties. We ensure that resilience in very high. We are vigilant round the clock. We take help of all stake holders as well as other countries. We invite manufacturers to share information in advance. We take a Multi Stake holder approach.