Speaking at the annual meet of India's senior-most police officers recently, Prime Minister Manmohan Singh said that the "use of bulk SMSs and social media to aggravate the communal situation is a new challenge that the recent disturbances have thrown before us. We need to fully understand how these new media are used by miscreants". He assured that the government was working to develop a robust cyber security structure that would address the issues of threat management and mitigation, assurance and certification, capacity building and also enhance research in the area. Further, he mentioned, there is a strong need to build a partnership among the government, academia and private sector to tackle this challenge.
However, this is not the first time we are hearing such an assurance. In May, the National Security Adviser had assured the country the same. In 2011, the government put up a draft National Cyber Security Policy and the stakeholders had sent their comments and recommendations. But to date there has been no announcement on the policy. The country has witnessed cyber attacks of unique and advanced forms and has also witnessed the power of social media to foment fear and rouse communal passions. In the absence of a comprehensive policy, there can be no strategy to deal with such threats.
In May, two reports were published on the challenges facing India's cyberspace: one by a special task force set up by the Institute of Defence Studies and Analysis and the other under the guidance of the Data Security Council of India, a body under Nasscom. Both the reports have offered institutional options and the key steps for the government to tackle this issue.
The concerns on cyber security arise from two areas: technical infrastructure that runs the internet and the various applications and issues of use and misuse of that medium. In the former, hardware and software and its integration have vulnerabilities and need to be addressed regularly. Also, most of this infrastructure is in the private sector. So it is very critical to have a healthy involvement of the private sector in securing the networks and also constantly interacting to address and mitigate threats. As for the concerns around usage of the medium, a dialogue has begun on the balance between privacy and freedom of speech on the cyberspace and the need to control some content that has the potential to create trouble. Here too, the government must engage with the private sector to create awareness among users against the misuse of the web.
There are some fears around telecom equipment that facilitates internet communication but these are far-fetched. The private sector players whose products and solutions have a major play in the networks should be co-opted into the extended management of the networks. For that, the employee base of such companies needs to be sanitised, as it is done in the US. At the same time it will be far-fetched to expect the police forces to become cyber experts overnight and so a similar system should allow them to constantly rope in these organisations and individuals for investigative support.
Subimal Bhattacharjee heads a multinational corporation in India and writes on issues of technology and security
The views expressed by the author are personal