Digital India in the times of cyberwarfare: Are we prepared?

When Prime Minister Narendra Modi launched the ambitious Digital India initiative, he expressed the global worries over cybersecurity and stated that India should come up with solutions to meet the challenge posed by this threat of a "bloodless war".

Addressing the dignitaries and the media on the grand Digital India launch event, Modi had said, "The world is terrified by this (cyberwarfare)… India has a big role to play in this. India has talent. India can provide a shield to the world by providing innovative and credible solutions. We should accept this challenge to ensure that the entire world lives in peace." Emphasising the dangers posed to cybersecurity, Modi said, "Somebody, with education of 10th or 12th class, sitting thousands of miles away, can clean up your bank account with a click of mouse. This situation needs to be addressed."

Yes, the situation needs to be addressed but does India have the basic infrastructure and expertise to deal with a menace which transcends boundaries and continents? Even if top authorities stress on the fact that India does have the prerequisites, it would be too early for us to thwart such attacks (some on a higher level) in an efficient manner as cybersecurity and cyber laws in India are at a very nascent stage.

Cybersecurity breaches have kept governments, individuals and big corporate houses on their heels. Not just India, but even the Pentagon has faced cyberattacks, exposing the vulnerability to such a menace. Given the global outreach and all-encompassing nature of cyberwars, India needs to have a dynamic and broad approach to tackle cybercrime and strengthen cybersecurity within its frontiers.

The social "terrorist" network

A growing concern for the global community is the emergence of terrorist outfits like the Islamic State (ISIS), which are not dependent on traditional forms of media to disseminate their message but have free-to-use social media tools and platforms to spread their venom far and wide. For cybercriminals and cyberterrorists, the internet is a boon, since it has allowed them to reach out to the maximum people at the click of a button.

While some technocrats and cyberexperts feel that it would be stupid of these organisations not to use these tools, what governments and law enforcement agencies can do is to leverage the fact that it would be possible to track such accounts or even shut them down, as done on various occasions like the one involving ISIS sympathiser Mehdi Masroor Biswas, a 24-year-old Bangalore engineer, held for allegedly running @shamiwitness - a pro-ISIS Twitter handle.

But what remains unanswered is how do we deal with such a challenge with a weak legal policy or regulatory framework, given the very traditional approach we have for countering such issues. The expectation is to break the ice and work with the global community to track down malicious activities and ensure that the sovereign nature of a state is not hampered by the evil of cyberterrorism or social terrorist networks.

International cooperation to strengthen cybersecurity

There are various ways of containing cyberwarfare, cybercrime and hack attacks through international cooperation. A few months back, I had the opportunity to interact with Timotheus Kansil, head of department for international cooperation, national police (The Netherlands) on the prospects of cooperation among nation states to strengthen cybersecurity. Kansil stated that it can be done either on a bilateral level, or on a global level like the Interpol which trains law enforcement agencies of the 90 member nations on various aspects of cybersecurity. Kansil said, "Cyber crime is global in nature, and a major challenge for governments and other institutions. We need to find smart solutions to be able to ensure cybersecurity."

But then, one of the main challenges is the lack of communication between nations. The Snowden leaks exposed the enormous levels of alleged cyber-espionage that the US and some of its allies engaged in (and probably continues to do) to tap, track and fish out sensitive information from core databases and institutions of other nations. There are loads of vital information which could be shared and would enable the global community to maintain an equilibrium in order to thwart cyberattacks and other forms of threats, but then, how, when and at what level it needs to be done depends solely on the governments of various nation states.

Cybersecurity threats: Are we game for the next level?

When we talk about taking on a challenge like cyberwarfare and its related manifestations, we need to understand the limitations of sovereign laws and policies. The current laws and policies have territorial applicability and hence would not apply outside our territorial boundary. On the other hand, the Indian cyber law has taken a different approach by stating that you can be located in any part of the world but if your activities hamper a computer network which is physically located in India, then the offender comes under the ambit of the Indian cyber law.

But in terms of practicality, it is very tough to be implemented. India is not even a signatory to some of the basic international frameworks on cybersecurity like the Convention of Cybercrime of the Council of Europe which not only European nations but Japan, US, South Africa have become signatories to, except India. This is the reason why India lacks the intrinsic "X-factor" and negotiating power in terms of forcing and coercing thought processes to look into directions that help in combating cyberattacks.

Indian laws are not in tandem with the ever-changing global cyberspace. The laws are old and hence need to be more dynamic in nature to deal with issues like cyber-espionage, data theft and so on. The Information Technology Act, 2000 (IT Act 2000) is the sole law that deals with cyberspace in India and was passed way back in 2000.

Also, the "Cyber Law of India" has been subject to amendments on various occasions but hasn't served the changing dynamics and the growing threats and manifestations of cyberwar. The need of the hour for India is to formulate preventive strategies to curb cybercrimes effectively as well as impart cybercrime investigation training and technological know-how to the various law enforcement agencies. Some of the key areas which need to be dealt with are cyberwarfare, cyberterrorism, cyberespionage and international cybersecurity cooperation that would enable developing nations to gather technical expertise from the developed ones to tackle the ever-growing threat to cybersecurity.

Reports suggest that more than 85,000 websites in India have faced external hack attacks in the last four years or so, and most of these have been related to core government, academic or even science institutions. While the Digital India initiative aims to transform the country into a digitally empowered knowledge economy and also aims at inclusive growth in areas of electronic services, products, manufacturing and job opportunities, its success would largely depend on maximum connectivity of the masses with minimum cybersecurity risks.