The Security Times, November 2013, Berlin, Germany
India is uniquely dependent on the cybersphere – it being the chosen medium for the implementation of the country’s socio-economic schemes. But this also exposes the country to a higher probability of cyber- attack, according to National Security Adviser Shivshankar Menon.“Commitments to plurality and democracy in the cybersphere have to be tempered by security considerations,”. Discovering the golden mean is both an Indian and a global imperative. It was against this background that delegates met in New Delhi on Oct. 14 and 15 for CyFy 2013, the inaugural India Conference on Cyber Security and Cyber Governance.
Given the democratic nature of India and its sheer size, the solutions it chooses will have a seminal influence on the future of cyberspace. The underlying theme for most of the discussions was how to preserve the democratic nature of cyberspace while protecting it. An early consensus emerged that privacy and individual freedoms would have to be balanced against the question of security of society as a whole. Thus, the state will have to be empowered to some extent at least, to deal with the kind of social instabilities that can be generated in the real world through acts in the virtual domain.
The debate threw up some interesting nuances. Once conference participant said surveillance was like salt – good in moderation, unpalatable in excess. But it is clear there are many unre-solved issues, including the very definition of what privacy is, and what it is that we are trying to protect.
The debate on the concept and limits of sovereignty in cyberspace was also combative. The central question was how to regulate a domain that is international in its operation through the exercise of national sovereignty.“Cyber governance is something of an oxymoron” said Kapil Sibal, Indian Minister for Communications and Information Technology, “and a re-imagined notion of sovereignty is essential to develop an effective cybersecurity paradigm. The dilemma here is the inherent conflict between national security and the necessity of international cooperation, which is to some extend based on countries ceding sovereignty and working with each other.
Another overarching theme, and one on which there was much less disagreement, was the role of the private sector. There seemed to be general consensus that the government’s role was morphing from that of a regulator to a facilitator. Delegates emphasized the state’s role in setting security standards to ensure the resilience of the net. Contrary to romantic notions of the internet and social media destroying the existing state system, the reverse is true the state is empowered more dramatically than ever before. However the question of providing or generating sufficient cooperation between the government, private sector and civil society proved especially thorny given the issue of trust and surveillance especially with regards to privacy.
Jaak Avaiksoo, the Estonian Minister of Education flagged the issue of the Internet “not being a virtual domain.” There as physical aspects to it, he pointed out, and that means there are specific requirements in terms of how we build resilience into the system. He also raised the question of moral legitimacy required to create a culture of trust building between the government and the people because the whole question of state versus citizen has been a central theme in the evolution of the debate on cyber governance.
India’s own policy in terms of developing a layered approach was brought into focus – specifically the question of training large numbers of people to ensure that India’s planned cybersecurity policy can be implemented. Deputy National Security Adviser Shri Nehchal Sandhu admitted that “while India has a national cybersecurity policy it is still to develop a national cyber-security strategy.”
The sheer size of India’s cyber population makes its national deliberations critical to the global dialogue. They key discussions here revolved around whether to promote sovereignty on the net or even to seek a wholly sovereign internet. Are we doing to side with those who say information security is absolute, or those who say each government has the absolute freedom to do what it wants in its own territory?
That India is finding its own middle way was best reflected by the fact that, despite furious debate, there was little to no mention of PRISM or Snowden. Being pragmatic it would seem India and Indians, unlike the EU or Brazil, have chosen to forgo rhetoric and instead debate the core issues around privacy, anonymity, intellectual property and national territoriality.
One final question that came up was whether technological developments would allow states to dominate. This is a debate that has played out historically in every new medium that has emerged. As the international negotiations proceed in the coming years, the whole question of whether we are going to have an internet that is transcendental and collectively used across the world or is it going to be dominated by each country in its own little domain of influence.
The India conference was the start of a process – one that raised many questions and found some interesting and out-of-the-box answers. The complexity of the debate dictates that this will not be any easy path to navigate. The India Conference on Cyber Governance and Cyber Security will not and cannot be a one-off interaction among multi –stakeholders. It is the beginning of a strong forum that can debate India’s policies, help mould its strategy and simultaneously address global challenges.