Recently
I attended CyFy organized by ORF.
Dr
Gulshan Rai, the Indian National Cyber Security Co ordinator, the Cyber Czar of
India, gave the keynote address. Some of the issues highlighted by Dr Gulshan
Rai are given below.
As
per the latest WEF report on an average daily e-transaction per day worldwide
is 12 billion. In India daily e-transaction is about 2.2 billion. Number of
online threat/day is 0.6 billion. As the
transitions going up so does the online threat. Out of these threats 6% are
serious in nature and merits immediate attention. 50% of them need attention. In
the next 7/8 years things world become much more complex.
Emerging
trends
Artificial
intelligence (AI) and Machine Learning will have mind boggling expansion.
Proliferation
of offensive cyber tools in the net.
There
will be repressive order on online media whether one likes or not.
Existing
business models would come under extreme pressure, will undergo further
transformation.
Big data
and analytics will be used more effectively.
Growth
of Public Private Partnership. Citizen will demand more and more control.
Heterogenity
of state posture will also increase.
Militarization
of Cyber Space. Tools used will be much more complex. States will indulge in
Cyber Warfare issues.
Attacks
like Wanacry, Petracry and their different versions will increase. We are still
not clear about and their originatiors.
Challenges
We are
in the process of drafting our Data Protection Act. There is a serious issues
of privacy. Will have to be reinterpreted.
International
Laws will become predominant. There has to be worldwide consensus on
International Law’s. UN Group of Govt Experts (UNGGE) are working.
Jurisdiction
in an important issue in light of expansion of digital space. There are issues
of technology, cross border, date residing in different parts of the world.
Cloud
Computing. There are issues of encryption, legal and
technical aspects.
Encryption
Policy. Draft encryption policy was put on public domain. Due to
various reasons this was withdrawn and could not be proceeded. Many other countries
also have the same view as we have in India in Govt circle.
Cyber
Diplomacy. Taking Importance.
Cyber
Norms. After recent cases of Wanacry there is an impetus on
voluntary or enforcement of internationally agreed cyber norms. There is a need
to debate/agree on cyber norms.
Right to self definer/counter measures/use of force. Critical issue.
We need to debate. Many countries have the same view as India.
Internet
governance:- After intense debate
we have adopted multi stake holder model. Whether it needs any modification or
amendment , whether we should follow ideal multi stake holder model or have
some role of Govt needs to be debated in a transparent manner. India has taken
up a case of route server in our country with ICANN. Due to lack of
transparency and changing of rules this has been blocked at ICANN. The culture
of a country or a region has to be considered. UNGGE did not succede this year.
We have to find ways and means to come to a consensus.
Q&A
Session.
Q1. In India 50% hand held
devices are Chinese manufactured. There is legitimate Cyber Security concerns. There is a
demand to ban Chinese brands in India. How do you respond?
Ans1. Today every device is
collecting information, updating. Location is updated, date is transferred. This
is true everywhere in the world. Issues of privacy and data protection are important
but complex, India is bound by International agreement. This issues have to be
sorted out at International level. Specific issues are raised in bilateral/multilateral
talks.
Q2. How do you secure our
critical infrastructure when there are foreign manufactured machinery in them?
Ans. There is nothing 100%
secure. We cannot ensure that. Most of our critical infrastructure is imported.
Maintenance has to be done by the companies who have supplied these equipments.
We have valid contracts between parties. We ensure that resilience in very
high. We are vigilant round the clock. We take help of all stake holders as
well as other countries. We invite manufacturers to share information in
advance. We take a Multi Stake holder approach.