Cyberspace transcends boundaries to provide unprecedented levels of connectivity and empowerment to states, institutions and individuals across the globe. This fluidity of the cyber- spheres pawns ‘cyber-gangsters’, necessitating cyber-security on the one hand while raising the spectre of a ‘big brother’ state on the other, according to the Minister for Communications and Information Technology, Mr. Kapil Sibal. Inaugurating the 2-day workshop he emphasised cyber governance as something of an oxymoron and a re-imagined notion of sovereignty was essential to develop an effective cyber security paradigm. The Indian National Security Adviser, Mr. Shivshankar Menon, who delivered the keynote address, said that the Internet is also the government’s chosen platform for socio-economic empowerment schemes. This makes India uniquely dependent on the cyber-sphere for its development – while at the same time exposing it to heightened vulnerability.
If the past is any indication, India’s growth and economic prosperity will be inextricably and intricately tied to the digital sphere. Hence, India’s proactive engagement in the global norm making process is important. India can and must be a rule maker and ensure that global norms pertaining to the cyber-sphere align with the opportunities this space has to offer its people. Additionally, the boundlessness of the cyber-sphere must be protected, but not at the cost of pluralism or access. Policy objectives must aim to build infrastructure and provide security and must seamlessly align with the inexorable logic of providing greater access through enhanced penetration.
Consequently, the Internet, for India and many countries indeed, is a means and medium of greater freedom and democratisation. Therefore discovering the median between access and security becomes a global imperative. Given India’s democratic ethos and the sheer volume of cyber-sphere it does (and will) account for, India’s policy responses which will inevitably shape the future of cyberspace, its management and governance.
It was in this background that the inaugural and most comprehensive ‘India Conference on Cyber Security and Cyber Governance – CyFy 2013’ was held at New Delhi on 14th& 15th October, 2013. Supported and guided by the National Security Council Secretariat, Government of India, Raytheon and the Bombay Stock Exchange, the event saw two days of engrossing debate, capturing the perspectives of over 250 international experts, parliamentarians, academics, industry leaders, media practitioners and representatives of the civil society.
The following key conclusions emerged from the discussions:
• The tension between “multistakeholderism” and multilateralism should be resolved to further a cooperative framework in formulating cyber-security strategies. It is only with the participation of diverse stakeholders that refined, legitimate and nuanced policy shall emerge. A unilateral approach without systematic and periodic consultations with, and inputs of, these multiple sets of stakeholders will be deeply counterproductive and can undermine the democratic nature of the cyber-sphere. Multistakeholderism is the mantra for devising articulate policy pathways.
• International cooperation is a must in responding to cyber-security threats and governance challenges. Conventions and treaties ensure agreed definitions on security issues, acceptable set of norms, confidence building measures and will eventually shape an international framework to manage cyberspace.
• Cooperation is beneficial in managing inter-dependencies that are inherent while seeking cyber-security, for which regional and bilateral cooperative measures can also be devised successfully. For instance, Internet fraud and related crimes can be a potential area of cooperation given the minimal political underpinnings.
• It was emphasised that cooperation could be compromised by the national strategic interest of major powers and by viewing this space as a new ‘zero sum game’. The tensions between great powers can undermine a multilateral approach to cyber-security and will have an asymmetrically negative impact on lesser powers.
• Public and private sector partnership (PPP) in policymaking is essential as the bulk of communications and certain critical information infrastructure networks are managed by the private sector. An information sharing mechanism should be created to ensure timely responses.
• The bulk of cyber-security costs are currently being borne by the private sector. Like all issues related to national security, the government must take the lead, incentivise and guide developments in this sector, and allocate specific funding. This funding should be spent on awareness campaigns, education, stakeholder consultations and capacity building initiatives in the near to medium term. Similarly governments should invest in initiatives that improve cyber hygiene and data protection. A critical skills shortage exists and there should be an emphasis on training ‘cyber builders’ rather than ‘cyber warriors’. PPP models and certifications regimes should be rapidly introduced to ensure both quality and numbers.
Governments must standardise security measures, protocols and surveillance processes in order to ensure that they are neither sector-specific nor applicable only to individuals or companies. Greater transparency around security processes will also increase user confidence and allow greater vibrancy in spread and adoption of cyber platforms. This is important as the Government of India, like many other national governments, sees digital last mile connectivity as the most efficient mode for government-citizen interface in social and related sectors.
• There is today a collision of narratives on National Security and Individual Privacy. While this debate is important to have, the ideal for any security policy must be safeguarding the private space of individuals and their freedom of expression. Governments have been unable to define and agree to a universal definition of “privacy” and due to the borderless nature of the Internet there will be contests and hence there are concerns voiced by many stakeholders that need to be addressed.
• Additionally, collective security often gets an unfair advantage over individual privacy. Some questioned the efficacy of these security measures and if the gains from surveillance are worth the costs to privacy and whether there are alternatives to safeguarding national security while keeping privacy sacrosanct.
• It did appear from the discussions that privacy and national security concerns do not necessarily have to compete with one another. Concerns over security measures can be addressed by embedding privacy presets into surveillance mechanisms ab-initio. Targeted surveillance has proven effective, but too much surveillance is demonstrably counter- productive. More investment is needed to ensure privacy enhancing technologies along with sensitising the personnel who deal with the data while conducting surveillance.
• Certain core ideals must be preserved and propagated in respect of privacy. And creating a universal common and robust approach to privacy should be a key global objective to work towards. Such a definition would necessarily be the basis for any future rules based cyber- sphere governed by internationally accepted norms.
The issue of verifiable cyber-identity is also a contested one – on one hand being necessary to prevent crime but on the other being prone to abuse. The issue of identity is intricately linked to the notion of anonymity. A third party management of identity verification is a possible solution but one that requires extensive trust building between the various stakeholders.
• Transparency and accountability in formulating cyber policies, empowering NGOs as pressure groups, widespread consultation, research initiatives, public participation, and a robust media are all needed in order to help formulate effective cyber governance and security architecture. An international cyber management framework can establish best practices and norms. This framework can also analyse risks and create deterrence mechanisms and alliances.
To quote the Deputy National Security Adviser of India, Mr. Nehchal Sandhu, “India has a national cyber-security policy, not a national cyber-security strategy.”Policy is the route to building strategy but strategy is the articulation of an assessment of objectives, needs and aspirations of what citizens seek in a secure and democratic cyberspace. CyFy 2013 is a first step in this process. It has initiated a plural and honest attempt to discuss, contest and discover contours of a national cyber strategy by bringing together domestic and international stakeholders and specialists, initiating the right conversations and encouraging debates that are critical to the formation of an enlightened cyber strategy for India.
Vice President, Observer Research Foundation
Chair, Communications and Digital Economy
CYFY Conference Secretariat
20, Rouse Avenue, Institutional Area, New Delhi – 110032
Ph: +91-11-43520020 | E-mail: email@example.com