'Our dependence upon cyberspace'

Cyberspace is today the fifth domain of human activity, in addition to land, sea, air and outer space. During the last two decades, the internet has grown exponentially in its reach and scope. Equally, our dependence upon cyberspace for social, economic, governance, and security functions has also grown exponentially. Unfettered access to information through a global interconnected internet empowers individuals and governments, and it poses new challenges to the privacy of individuals and to the capability of governments and administrators of cyberspace tasked to prevent its misuse.

Our task is complicated by the unique characteristics of cyberspace. These include, as we are reminded every day: its borderless nature, both geographically and functionally; anonymity and the difficulty of attribution; the fact that for the present the advantage is with offense rather than defence; and, the relatively anarchic nature of this domain. Let us consider each of these briefly.

Borderlessness
The anonymity and interconnectivity of cyberspace are exploited by criminals, terrorists and even states to carry out identity theft and financial fraud, conduct espionage, disrupt critical infrastructures, facilitate terrorist activities, steal corporate information, and plant malicious software (malware) and Trojans which can be exploited in different ways.

Anonymity
Because of the anonymity and the difficulty in attribution, securing cyberspace against misuse by either state or non-state actors is a multidimensional challenge that requires concerted efforts on the part of all stakeholders. Cyber security involves securing our National Information Communication Networks and Critical Information Infrastructure, combating cybercrime and protection from cyber attacks. It involves threat monitoring, assessment, mitigation, risk management, forensics, hardening of systems and capacity building in terms of both technical as well as human resources. All these require technical advances to make it possible for us to be able to redefine anonymity so as to separate legitimate from other uses of cyberspace.

Offense and Defence
We have seen that there is an inextricable link between cyber crime, transnational organised crime and cyber terrorism. Active actors range from ordinary individuals to cyber criminals, extremists, terrorists, social, and political groups. We have also seen that launching destructive cyber attacks cost little, but defending against such attacks is becoming increasingly expensive and complex. The increasing use of "cloud computing" models, and third-party network based servers which form the "cloud", has introduced new policy challenges such as defining jurisdictional boundaries for law enforcement, protecting privacy and civil liberties according to national laws, and liability in the event of a breach of security.

Anarchy: International and Governance Aspects
Different countries have different approaches to this issue, based on their national experience and perceived interests. We are each learning as we go. Given the interdependencies that are a characteristic of cyberspace, the international community needs to make concerted efforts to secure cyberspace, which is a common resource. Many issues relating to cyber security have transnational components and these challenges cannot be addressed by individual nations or in isolation. There is a self evident need for cooperation to exchange experiences and to share best practices for protection of information infrastructures.

As a member of the United Nations Group of Experts, India has worked with Russia and with other countries on the Group's Report, which will be submitted to the UN General Assembly.

India's experience
India is one of the major information technology (IT) destinations in the world. We have the third largest number of internet users after the US and China. India has a GenY population, between the age of 15 to 29 years, of approximately 310 million adept at using the internet and social media networks. There are over 700 million mobile phones and 670,000 km of optical fibre laid across the country. We add over 7 million new mobile phone connections every month. Such phenomenal growth in access to information and connectivity has added to our vulnerabilities. The government of India has recently approved a National Cyber Security Policy and a Framework to address cyber security concerns. This framework envisages a multi-layered approach to ensure defence in depth and a clear delineation of functional responsibilities amongst stakeholders, while stressing coordination and sharing of real-time information. It also seeks to strengthen our assurance and certification framework to address supply-chain vulnerabilities, hardening networks, and promoting Research and Development in cyber security with an emphasis on capacity-building.

In July 2012, we established a Joint Working Group with representatives of the government departments and the private sector. The report of this Joint Working Group contains a detailed road map for public-private partnership on cyber security, which includes the setting up of institutional frameworks, capacity building in the area of cyber security, development of cyber security standards and assurance mechanisms and augmentation of testing and certification facilities for IT products.

In ensuring cyber security, we have to be careful that the free flow and access to information is not hindered or compromised. There should be no doubt about our commitment to preserving the democratic nature of cyberspace which is one of its most enduring features. India is stoutly committed to freedom of expression, which includes freedom of expression in cyberspace. At the same time, we have to be concerned with securing our cyberspace for trusted e-commerce, security of data and protection of Critical Information Infrastructure. The imperatives of national security have thus to be balanced with protecting the privacy of individuals.

---

Excerpts from a speech by National Security Advisor Shivshankar Menon, at the Fourth International Meeting of High Level Officials Responsible for Security, Vladivostok, Russia, July 4, 2013