Secure India is thus a necessity if the two ambitious initiatives are to succeed, says Avinash Kadam, Advisor - ISACA India Cybersecurity Initiative.
‘Digital India’ aims to transform India into a digitally empowered society and knowledge economy while ‘Make in India’ is to facilitate investment, foster innovation, enhance skill development, protect intellectual property and build best in class manufacturing. These two initiatives are like two strong pillars that would support a strong, stable India.
They can be prefabricated but would ultimately need a very deep, strong, solid base of ‘Secure India’ initiative. Secure India is to develop and provide cybersecurity solutions and services for the global market.
The digital technology has truly transformed our world. The global boundaries are disappearing. There are no barriers to knowledge. Digital technology has percolated into the day to day life of common man. People from every strata are getting truly empowered with information and knowledge at their fingertips.
‘Digital India’ will truly empower the society, but…
Smart phones, tablet PCs are being used by people who never touched computers, to access the Internet for banking services, government schemes, education, entertainment, communication and even medical advice. ‘Digital India’ will truly empower the society.
‘Make in India’ would ensure Indian presence in world market and lead the nation to prosperity. Internet has exposed the world to the availability of world class products. An Indian product will have to compete in the global market. Internet is a great tool for sharing knowledge, getting new product ideas, exploring new markets.
The dangers like corporate espionage and theft
However, Internet also poses dangers like corporate espionage, theft of intellectual property, irrevocably damaging manufacturing facilities by remote control. Cyber-criminals launch attacks with impunity from across the political boundaries because Internet offers them anonymity.
The lure of the lucre, ill-conceived patriotism, notoriety or sheer ornery destructiveness may be some of the reasons behind the cyber-attacks by these highly intelligent, motivated individuals.
A particularly insidious type of attack is an APT (Advanced Persistent Threat) that can remain undetected for years and can steal terabytes of data. It could actually cripple a manufacturing plant by reprogramming it to work under altered parameters.
Secure India is critical for the success of two initiatives
Secure India is thus a necessity if the two ambitious initiatives are to succeed. We should not only secure ’Digital India’, but should also provide our services globally by creating and deploying security solutions. Internet has created an interconnected world. Cybersecurity solutions cannot be applied in isolation. India can develop a new kind of industry that offers Internet security products in the global market.
We Indians --who developed the first wargame Chess, can do it again by developing strong defense techniques in the cyber war against the criminals. All we need is a dedicated cyber-army of cyber-security professionals, well-trained and well-equipped in the Art of the cyber-war.
The gap in the demand & availability of cyber security pros
However, at present, there is a huge gap in the demand and availability of cybersecurity professionals in India. Colleges are yet to introduce courses for cybersecurity. Most of the certification in cybersecurity are knowledge based.
What is needed is skill based training on simulated environment. Internet provides the facility to create virtual labs in cloud and also for establishing cyber ranges to practice the defensive as well as offensive tools to hone the skills in cybersecurity.
We also need cybersecurity specialists who can design secure systems, secure hardware and secure devices. Most cybersecurity attackers exploit the design vulnerabilities. The cybersecurity design specialists need to detect and remove these flaws.
This could also be great service that India could offer to the world. There are millions of lines of code embedded in computer systems and devices that needs to be scrutinized and cleaned. The cybersecurity experts will have the task to evaluate and certify the code in the embedded chips of the Internet of Things.
The current skills gap can be partially filled by introducing college-level cybersecurity courses, by imparting cybersecurity training to the existing IT staff and by offering incentives for detection of security flaws to the general staff.
Smooth UX is important but security is critical
Enterprises offering digital products and systems have always focused on improving functionality and smoother user experience. Security has always taken a back step. This needs to be changed. Security could make or break a product. Security should be built seamlessly in the product design. It should be non-intrusive as well as intuitive. It should not appear as an added burden.
Most of the safety features in an electrical devices are built into the devices to protect the users. We use very high-voltage electrical devices in our houses with utmost safety because fuses make them safe.
Similarly, our smart phones, tablets, computers and devices included in Internet of Things are high powered, information tools and should be designed with built-in security features for information users.
Let us turn the cyber-threats into an opportunity for developing a world-class cyber-security industry in India for the global market.