CFR Presents

Asia Unbound

CFR experts give their take on the cutting-edge issues emerging in Asia today.

Print Print Cite Cite
Style: MLA APA Chicago Close


On Cybersecurity, India Begins to Embrace the Private Sector

by Guest Blogger for Adam Segal
October 18, 2012

India's National Security Advisor, Shri Shivshankar Menon, delivering the keynote address at the release of the report of the Joint Working Group (JWG) on “Engagement with Private Sector on Cyber Security”, in New Delhi on October 15, 2012. (Courtesy Government of India) India's National Security Advisor, Shri Shivshankar Menon, delivering the keynote address at the release of the report of the Joint Working Group (JWG) on “Engagement with Private Sector on Cyber Security”, in New Delhi on October 15, 2012. (Courtesy Government of India)


Cherian Samuel is an Associate Fellow at the Institute for Defence Studies and Analyses in Delhi, India.

Monday, October 15 saw the release of the Government of India’s Recommendations of the Joint Working Group on Cyber Security. The Joint Working Group was created in July 2012 and included representatives from various ministries as well as the private sector, namely the Federation of Indian Chambers of Commerce and Industry, The National Association of Software and Services Companies, the Data Security Council of India and the Confederation of Indian Industry. The entire exercise was coordinated by the National Security Council Secretariat.

At first glance, this brief 4-page document does not live up to the expectations and hype surrounding its release. In terms of concrete proposals, it calls for the establishment of a few more committees for enhanced capacity-building; Information Sharing & Analyses Centres for various sectors; an Institute of Cyber Security Professionals of India; and four pilot projects in areas such as studying vulnerabilities in critical information infrastructure. As far as the other recommendations are concerned, while they are laudable and would greatly improve the country’s cybersecurity posture if implemented in letter and spirit, the document is silent on the crucial issue of funding.

Nonetheless, this is an important first step and one can see the glimmer of an unfolding multi-pronged strategy to get ahead of cybersecurity challenges at various levels. One of the major inhibitors to date has been an official mindset of distrust of the private sector in matters of security. As National Security Advisor Shivshankar Menon noted while releasing the report, this change in outlook has been dictated by force of circumstances. The unrelenting penetration of government, military, and other networks; the inability of existing institutional and regulatory mechanisms to deal with these new threats; continuing confusion over contradictory government policies that have tried to balance security and economics; and the somewhat belated realization that cybersecurity could be a sunrise sector for Indian industry have all played a part in the government’s interactions with the private sector. This new partnership envisages collaboration on virtually every aspect of cybersecurity: capacity-building, research and development, training of law enforcement agencies, and even the formulation of India’s position on global cybersecurity policies.

The last aspect also bears watching, as it appears that the government is recalibrating its international positions on cybersecurity to take a more proactive role in international fora and provide thought leadership on the various related issues. To enhance its credentials with the many nongovernmental and private sector actors that support Internet governance now, the government has made a recent foray down the multistakeholder route through its India Internet Governance Conference. Decisions are also imminent on the military front after discussion within the Indian Armed Forces on the contours of a cyber command.

The most vital aspect is the partnership with the private sector. However, where the current initiative is concerned, the devil is in the details, and those details remain sketchy. The Joint Working Group that brought out the Recommendations has been converted into a permanent group and tasked with fleshing out the specifics. As has been pointed out in other commentaries, the Indian IT industry, for all its size, is rather narrowly focused on a few areas like system integration, and new competencies in both hardware and software industries would have to be created to attain the goals envisioned in the Report.

In the meantime, the hype has already had its effect; I received a call from a company peddling a cybersecurity product. This turned out to be a glass film that has been certified to prevent eavesdropping even by the U.S. National Security Agency and apparently adorns the windows of the White House. One can safely expect many more companies and fly-by-night operators to climb aboard what they imagine to be the cybersecurity gravy train that’s just leaving the station.

Post a Comment No Comments

Post a Comment

CFR seeks to foster civil and informed discussion of foreign policy issues. Opinions expressed on CFR blogs are solely those of the author or commenter, not of CFR, which takes no institutional positions. All comments must abide by CFR's guidelines and will be moderated prior to posting.

* Required