National
Security is a very vast and complicated field to manage as it
encompasses various facets of security. It includes traditional
security of borders and infrastructure to Cyber Security of the
Indian Infrastructure and Cyberspace. India has been lax on the front
of National Security in general and Cyber Security in particular. The
National
Cyber Security Policy of India 2013 has been drafted recently and
its actual and full implementation is still missing.
Further, various components of National Security are
still operating in vacuum and independent of each other making the
entire concept of National Security a façade. For instance, the
Cyber Security Policy of India is still not a part of the National
Security Policy of India. In fact, we have no National Security
Policy of India that is presently implemented by Indian Government.
The Cyber Security Policy of India must be an “Essential and
Integral Part” of the National Security Policy of India.
DNA
India has reported that the current UPA Government led by Prime
Minister Manmohan Singh is set to unveil a draft of National Security
Policy for public debate. The National Security Advisor Shiv Shankar
Menon has already started working in this regard so that a well
defined strategic policy framework can be adopted by the new
Government after a public debate. It seems the intention is to make
the National Security Policy of India operational after the 2014
Elections are over. This is logical as well as such crucial policies
cannot be implemented at time of uncertainties. The National Security
Council (NSC) has already proposed three pronged Cyber
Security Action Plan for India.
The UPA Government has its own share of successes
like securing Indian borders and avoiding any big threat from
outside, getting the non-permanent member status of the UN Security
Council, obtaining a permanent seat at the Arctic Council and a chair
at G-8 negotiations, etc. So the “Failures and Achievements” of
the present UPA Government are somewhat balanced in nature.
India already has a doctrine for its defence as well
as strategic forces, both for conventional and sub-conventional wars.
But the new doctrine will be over-arching, comprehensive and will
incorporate elements of foreign and internal security policies.
Though the proposed draft of the Policy is still at
the infancy stage yet it may act as a resource guide to deal with
Indian National Security issues. The proposed Policy would look at
all aspects of National Security including the Economic,
Technological, Political, Cyber as well as Scientific. It would
also streamline the Security Strategy and address the systemic
lacunae in the absence of a clear and comprehensive policy.
A “Special Focus” upon Cyber Security is need of
the hour. To start with a dedicated Cyber
Security Law of India must be formulated. A robust and
comprehensive Telecom
Security Policy of India must also be immediately formulated.
Further, Draconian and Disabling Laws like Information
Technology Act, 2000 and Indian
Telegraph Act, 1885 must be “Repealed” as soon as possible.
Civil
Liberties and National Security Requirements must be “Reconciled”.
A dedicated Privacy
Law of India must also be formulated immediately to strengthen
Privacy Rights in India.
During the exposure of engagement of E-Surveillance
by the National Security Agency (NSA) of U.S., James Clapper
confirmed
that NSA is targeting Foreign Citizens for Surveillance. This
E-Surveillance is further “Combined” with Tactics and Techniques
of Cyber
Warfare, Cyber
Espionage and Cyber
Terrorism, etc. The traditional Cold War Era may be over but the
Technology Assisted Cold War is still in vogue. Malware like Stuxnet,
Duqu, Flame,
Uroburos/Snake,
etc have simply proved this point.
These Malware are not the tasks of a group or
company but expert malware makers that are supported by Developed
Nations. The United States has been accused of making these Malware
in the past and it is also believed that U.S.
is the biggest buyer of Malware in the World. U.S. has also been
accused of using a combination of Radio
Waves and Malware to spy upon other Countries. It is well known
that Global
Cyber Espionage Networks are being actively and covertly used to
Spy on other Nations. This is evident from the fact that the Command
and Control Servers of Malware FinFisher were also found
in 36 Countries, including India.
These Malware used Cyber Attack Methods and Vectors
that are far beyond the Capacity of Traditional Cyber Security
Mechanisms to Trace and Prevent. This becomes a serious Cyber
Security Issue when Critical ICT infrastructures are at stake. For
instance, the critical
Infrastructure Protection in India and its Problems, Challenges and
Solutions (PDF) are still to be looked into with Great Priority
by Indian Government. It is only now that India has declared that
NTRO would
protect the Critical ICT Infrastructures of India. Similarly, a
Tri
Service Cyber Command for Armed Forces of India is in Pipeline.
Nevertheless, the Cyber
Security Infrastructure of India is Weak and it must be improved
as soon as possible.
Countries across the World have started to
strengthen their Cyber Security Capabilities. While protecting their
own Cyberspace domain, various Countries must understand that Cyber
Security is an International Issue (PDF) and not a National one.
Therefore, an International
Cyber Security Treaty is Required (PDF). As far as India is
concerned, the Cyber
Warfare Policy of India (PDF) and E-Surveillance
Policy of India (PDF) must be urgently drafted and implemented.
Similarly, Self
Defence and Privacy Protection in India must be ensured.
India’s own Projects like Aadhar,
National
Intelligence Grid (NATGRID), Crime
and Criminal Tracking Network and Systems (CCTNS), National
Counter Terrorism Centre (NCTC), Central
Monitoring System (CMS), Centre for Communication Security
Research and Monitoring (CCSRM), Internet
Spy System Network And Traffic Analysis System (NETRA) of India,
etc are violative of Civil
Liberties Protection in Cyberspace. None of them are governed by
any Legal Framework and none of them are under Parliamentary
Scrutiny. The proposed National Security Policy of India must
address this issue as well on a priority basis.