Why cyber security is important for Digital India

Avinash Kadam ‘Digital India and ‘Make in India’ are two initiatives launched by the Government of India. ‘Digital India’ aims to tranform India into a ‘digitally empowered society and knowledge economy’ whereas ‘Make in India’ is ‘to facilitate investment, foster innovation, enhance skill development, protect intellectual property and build best in class manufacturing infrastructure’. Together, these will strengthen the brain and brawn of India respectively, leading to a prosperous and healthy India. Obviously, these initiatives would succeed only if the industries and enterprises prosper. The industries and enterprise would prosper only if they take care of the 4 Ms of manufacturing (Man, Machine, Material and Method) and now, most importantly, the cyber security. [caption id=“attachment_2424390” align=“alignleft” width=“380”]  Avinash Kadam, Advisor - ISACA India Cybersecurity Initiative[/caption] Why cyber security has become the backbone of the industries and enterprises now? Thirty years back, no one had even heard of cyber security, but then, no one had heard of hackers and hacks either. This is because of the Internet. It did not come into being with a Big Bang like the Universe, but it sure is expanding like Universe in all directions and now has become all-pervasive. Internet has changed everything. Quick adoption of the technology by businesses and enterprises has made mobile-banking, on-line shopping, on-line trading and social networking possible. Its many benefits help the business growth by creating new opportunities. However, Internet is not altogether a safe place because its anonymity also harbours cybercriminals. They have found ways and means to launch cyber-attacks on banks, large financial and manufacturing organisations, industries, even other nations. Their motives are financial gain, or ill-concieved patriotism or notorioty or just sheer destructive fun. A particularly insidious type of attack is an APT (Advanced Persistant Threat). It may not be detected for years, while it erodes the cyber security of the target. The reasons behind the increased number of hacks are manifold. – Cybercriminals are highly intelligent, diligent and motivated experts in the IT field, almost in the genius category. – Cyber security professionals lack the expertise, the training, the intense motivation needed to combat these individuals. – There is a proliferation of hackings tools on the Net but cyber security tools have not evolved to that extent. – Geographical distances or political boundaries do not matter because cyber-attacks can be launched from any corner of the world. In the fast evolving turf wars for cyber space supremacy, where do we stand? To be honest, we have a long way to go. First and foremost, most of the technology, both hardware and software, used in India, is imported, including cyber security tools. We do not have the requisite skills to inspect these for hidden malwares, Trojans, backdoors or flaws. Our knowledge of these vulnerabilities and weaknesses is limited to what we acquire through publicly available sources and vendor communication. We have practically no top-level experts for these high-end jobs at present. What we urgently need is national level effort to build skills in this very sophisticated area of technology to either develop such hi-tech equipment ourselves, or atleast be capable of critically inspecting them before these are deployed in critical infrastructure and critical industry sectors. Second level of cyber security professionals that we need are the hands-on experts who are skilled in the five major functional areas of cyber security as defined by NIST (National Institute of Standards and Technology) – Identify, Protect, Detect, Respond and Recover. As estimated by NASSCOM’s Cybersecurity Task Force, India needs 1 million trained cyber security professionals by 2025. The current estimated number in India is 62,000. To bridge this gap, the industries and enterprises should upgrade the skills of their cyber security and the IT staff by training and certification as a short-term measure.As long-term planning,we need to introduce cyber security courses at graduate level and encourage international certification bodies to introduce various skills based cyber security courses and performance based skill testing practical examinations. We need to provide hands-on training using concepts like virtual labs and cyber ranges. This brings us to the third level of cyber security. And this is us, the 1.0 billion mobile phone using Indians. Majority of the people are not aware that a smart phone is a master spying device that can be remotely controlled without the owner’s knowledge. A massive awareness program has to be conducted to teach us to use it carefully and responsibly by using strong passwords. Industries and enterprises should allocate larger budget for cyber security and staff the department with trained, certified cyber security professionals. The floodgates of information and that the Internet has opened, cannot be closed now. We are practically drowning in it even though it is beneficial. This situation could not have been foreseen but it can be remedied now by building a strong, secure ‘Digital fort’ to house ‘Digital India’ that would protect it from the cyber-sharks. We can do this by developing strong cyber security ‘skills’. This is the only solution. (The author is an advisor, ISACA India Cybersecurity Initiative)