Can Digital India transform country into connected economy without assuring cybersecurity?
The Digital India concept involves many different technologies communicating with each other in many ways. The only way to predict and eliminate all possible security issues is by embedding security from the planning stage to the actual implementation of digital technologies along with strict compliance with the cyber security policy, believes Altaf Halde, Managing Director–South Asia, Kaspersky Lab. In a candid conversation with Mohd Ujaley, he shares his views on what India needs to do to mitigate the immense information security related challenges posed by the Government’s Digital India initiative.
Some edited excerpts:
What are the opportunities do you see in the Government’s Digital India programme?
The Digital India initiative seeks to transform the country into a connected economy and it can be successful only when the security of the connected devices is assured. The Digital India concept involves so many different technologies communicating with each other in so many ways. The only way to predict and eliminate all possible security issues is by embedding security from the planning to the actual implementation of digital technologies along with strict compliance with the cybersecurity policy. This includes privacy protection, data protection and adherence to cyber laws. With the Digital India initiative, a lot of data will be collected by different bodies and this needs to be protected.
We deal in protection of critical infrastructure and we intend to provide a complete security solution against all kinds of cyber threats. We want to work with government planners and builders to raise awareness about cyber threats and share information on how to mitigate these threats before they can impact the public. We do look at the government vertical as a big contributor to our business. We have alliances with specific partners who have a focus in the government vertical.
What kind of cyber security challenges are we likely to come across?
Many organisations are working on intelligent solutions to make Digital India a success but unfortunately, a relatively fewer number of organisations are considering the cybersecurity of the digitalised country. With growing digitisation, the landscape for potential cyber security threats will also grow. Therefore, if security is not addressed early on, it could make the programme difficult to achieve the real goal.
Cybersecurity also affects physical security systems, especially critical public systems like video surveillance. When building the foundation of a Digital India, it is extremely important to not only think about the comfort, energy and cost efficiencies that the new technologies will bring, but also about the cybersecurity issues that might arise.
For example, take an example of mesh-network based surveillance systems which is mostly used in video surveillance. Let us look at how these systems can be breached. In mesh-network based surveillance systems, surveillance cameras are connected via a mesh network. This is a type of network in which nodes are connected with each other and serve as stepping stones for data (video feed in this particular case) on its way from a node to the control center. Instead of using a Wi-Fi hotspot or a wired connection, nodes in such networks simply transmit data to the closest node which transmits it further through other nodes right to the command center. Should an intruder connect to just a single node in the network, they will be able to manipulate the data transmitted through it. So, the challenges are huge.
What should be done to mitigate these challenges?
Partnerships with international researchers and organisations coupled with public and private partnerships will be the best way to address the ever increasing threats and potential risks for Digital India. In this context, we do not look at providing security only as a business opportunity. We have already initiated steps at an international level backed by leading IT security researchers, companies and organisations, including IOActive, Kaspersky Lab, Bastille, and the Cloud Security Alliance to solve the cybersecurity challenges through collaboration and information sharing.
From a regulatory point of view, what changes would you like to see in the area of cyber security?
As far as regulation is concern, India has already started moving in the right direction. We have seen and observed a lot of action from governments across countries. They are doing their best, to get the ready infrastructure needed to counter cyber attacks. As the part of “Digital India” initiative, the Indian government has already planned to launch ‘Botnet cleaning centers’. This proposal is part of the national cyber security policy to cleanup botnet infections in Internet-enabled devices. Botnet is a network of malicious software that can remotely gain control of devices, steal information and carry out cyber-attacks like Distributed Denial-of-Service (DDoS), which can prevent access to websites. This facility will be under the guidance of national cyber security watchdog Indian Computer Emergency Response Team (CERT). The Indian government has also been stepping up its efforts to address these challenges by increasing awareness about the cyber threats and we think it is just a matter of time that we will have the appropriate regulations and compliance in place.
Awareness is the key when it comes to fighting cybercrime, but why do private companies hardly give the necessary impetus to the awareness campaign, and leaving it alone for the Government?
Yes, I agree that awareness is going to be the key for all users irrespective of the users being government users, corporate company users or home users. Both the government and private companies need to collaborate together to create massive awareness in the masses about cybersecurity. And, yes, I agree that we all have to play our part in it.
The article first appeared in print edition of Express Computer magazine, February 2016 issue. Read it here : Express Computer, February, 2016
If you have an interesting article / experience / case study to share, please get in touch with us at [email protected]