Sign up to our newsletter Back to news
Need to beef up India’s cyber security policies and mechanisms
Take a stock of the past, analyse the present cliché and frame a strategy for future. In the recent years, India’s approach to cyber security has experienced a shift from style to substance. Prime Minister Modi’s foreign policy has made various strong interventions on cyber security matters. Those interventions need to be materialised to manoeuvre the interest. Presumably, the Prime Minister Office (PMO) is likely to invest both political and capital energy to enhance a cautious cyber-strategy. A dedicated Division in the Indian Ministry of External Affairs (MEA) for cyber security is a value addition to that. In 2015, Minister of Communications and Information Technology in a written reply to the Lok Sabha stated that government allocated Rs 755 crore to combat cyber security threats over a period of five years. But, this financial outlay is quite negligible as the nature of threat is quite huge and unpredictable.
Cheer up, the worst is yet to come! One of those famous words penned by noted American author and novelist Mark Twain a long ago. This sentence is a stark reminder of India’s dawdling approach to new threats. India’s cyber sleuth may be holding their nerves for the worst to frame a robust apparatus to secure cyber ecosystem. The Google Trends of 2015 demonstrated that Islamic State (IS) was a buzz word in India while terrorism continued to exist as the area of concern. Nonetheless, interest over the time for IS’ in Indian Cities is increasing significantly.
As the nature of threat is looming large, New Delhi needs to espouse a new strategy to deal with different ‘variants of terrorism’. An illustration of the expanse of terrorism in India underlines that from 2001 till 2015, India has faced 57 terror incidents. It is disturbing to note that 2008 was the worst year in terror attacks with 11 incidents in 12 months. In addition, on the second day of 2016, India also experienced the worst cross-border terrorist attacks since 26/11. From Mumbai to Pathankot, use of Internet and cyber technologies has been emerging as a dominant tool for terror organisation. On the other hand, IS’ threat from India’s extended neighbourhood is also a concerning fact for the security establishment.
Some distinctions can be drawn from these trends to build a strategic approach. First, India is quite safe from IS’ direct attacks, but New Delhi should not shy away from paying attention to the exponential growth of IS’ radicals in South Asia. Secondly, government should take balanced and proactive measures to protect the national security, but not at the cost of trammelling upon individual liberty. Thirdly, a comprehensive approach towards gathering real time and accurate information to curve IS’ ‘cyber honey trap’ can be possible only through ‘trust’ between the government and private sectors.
However, as the Indian government prepares to presents the new budget for the next financial 2016-17, in view of the imminent cyber threat, the much needed allocations for cyber security and commitments for terrorism can be considered as a welcoming step. That will help to boost the finance and morale of cyber sleuth and cyber security research apparatus.
Matrix of cyber-terror
Cyber-terrorism was first coined by a Barry C. Collin way back in the 1980s. For decades, huge amount of research has been undertaken to underline the nexus between internet and terrorist. A report on ‘The use of the Internet for Terrorist Purposes’ was published by the United Nations Office on Drugs and Crime in collaboration with the United Nations Counter-Terrorism Implementation Task Force in 2012. The report stated that ‘the use of the Internet for terrorist purposes is a rapidly growing phenomenon, requiring a proactive and coordinated response from Member States’. Global Power does not have any specific definition to ‘terrorism’, it also failed to underline ‘what cyber-terrorism is’. Who will break the ice? What the world wants is ‘a definition’ or ‘a comprehensive action’ towards curbing terror and its various growing variants.
Technology is value neutral but how it gets used, who use it, for what, makes all distinction and difference. Is a shadow of cyber-terror growing? Is it a new normal? Or something strange has happened when the lion was sleeping.
What were initially dismissed as quiet ripples have now become deafening roars especially as the IS’ been exploiting the cyberspace to its advantage in many effective ways. IS’ cyber tactics can be divided in two parts – generating fear and gathering radicals. These are two old tactics of terror organisation to get spotlight in global politics, but the way IS’ leaving its footprint in cyber and media has made security increasingly vulnerable.
There is need for comprehensive approach, precise information and prudent cooperation. On the contrary, there is also a need to understand IS; it is a mixture of Taliban and al-Qaeda. It has territorial and technical outreach, financial capabilities and dedicated active radicals all over the world to bring destruction to human civilisation. New age terrorist needs new tactics. Is it possible to destroy ‘terrorism’ by bombs not by hearts and minds? This redundant ‘bomb theory’ failed to serve the purpose and paved the way for the rise of new variants of Islamic Cyber Caliphate – IS.
Information is power
A brief analysis of the Global Terrorism Index 2012, Ministry of Home Affairs Annual report 2014-15 and Global Terrorism Index 2015 underline that India has taken good measures to address the issues of terrorism. In this digital age that holds the information holds power. On the other hand, India is still lagging behind to get information about cyber terrorism. There are many instances since 2008 that terrorist are sophisticatedly using internet as tool to manipulate their means and goals.
For instance, after the 2008 Mumbai terrorist attacks the then India’s foreign secretary Shivshankar Menon and former national security adviser said ‘no one put together the whole picture… not the Americans, not the Brits, not the Indians… only once the shooting started did everyone share and then the picture instantly came into focus’. The post-Pathankot scenario also spoke of similar claims that both the Indian Intelligence Bureau and the Punjab State intelligence had sent out clear indication down the line, five days ahead of the terrorist attacks that there was a huge threat to fences on the border with Pakistan, recommending extreme preparedness. But the intelligence gathering did not gain any currency either by the defending the key installations in the area or the local police. As a result, the six terrorists were able to sneak into the Indian Air Force base and launch a massive attack on some of India’s most strategic installations and equipments.
The flip side of the Pathankot attack was that ISI used fake Facebook profile to gather critical information about the airbase and only after the attack took place did the security personal got to know about it, why not before?
The deepening and expanding nature of terror incidents across the globe and India’s neighbourhoods sooner than later may pose serious cyber terror threats to national security. The new-age terrorists know how to use cyber space in expanding their outreach, networking and targeting their goals.
Practically, can New Delhi comprehend a strategy to ‘data scarcity’ in regard to cyber terror? In his 2014 book ‘World Order’ Henry Kissinger envisaged that ‘search engines are able to handle increasingly complex questions with increasing speed. Yet a surfeit of information may paradoxically inhibit the acquisition of knowledge and push wisdom even further away than it was before’. Big data is the big weapon of the time. It can be used to study the behavioural matrix of the terrorist and radicals.
Apart from ironing out any technical wrinkles and policy gaps, the need of the hour is to build ‘trust partnership’ between public and private sectors. At the broadest level, adequate policy work and monetary resources are required to conduct research and create institutional mechanisms to become a cyber threat resilient state. From the technical point of view, India has to tackle the issue of information scarcity – either keeping the data in Indian cyber-ecosystem or have access to the accurate data in real time.
26 February 2016