In a society infested with terrorist activities from New
York to Gandhi Nagar on to Bali and Moscow there are no two opinions
that "Security" has been a concern upper most in the minds of the people. The
"terror" struck by a single sniper in Washington highlighted how a
feeling of insecurity can throw the society out of gear and force people to
change their living habits in the fear of the unknown. This is as much true of
the physical world as the Cyber world.
The cost of terrorism on the society is often measured in
terms of the cost of reconstruction of a destroyed asset or cost of
maintaining a security force. (Even though cost of a lost human life is not
quantifiable for the kith and kin, the society may assign a cost in terms of
the compensation paid on such occassions. In the context of Cyber Space
security, fortunately, one need worry mostly about loss of property and
not loss of lives.).
But what is often lost sight of in Security
Management is the loss of productivity in the society arising out of the
terrorist act.
In an atmosphere where people do not know what is likely to
happen tomorrow to them or to their loved ones around them, it is impossible
for them to focus even on their routine work. While routine work can be
restored after some time, the "Creative Pursuits" often take a long time to
recover. In a sustained period of terrorist activities the
society therefore is unable to take up any creative endeavours including
"Governance For Growth". The Indian experience in the state of Jammu and
Kashmir where the developmental work has come to a standstill despite all the
efforts of the Central and State Governments is a case in point.
Similarly, as users of Cyber Space keep facing losses
of virtual assets on account of hacking or virus or any other criminal
activity, it becomes impossible for the creative minds in the Cyber society to
focus on developmental work.
Hypothetically, let us imagine a software developer keeps
writing an innovative software code in a process of building an innovative
application and finds that his computer is repeatedly attacked by a virus or a
hacker and his codes keep disappearing. It would not be long before the
software whiz kid decides to stop his creative pursuits and turn on to
some thing else he finds more durable.
In order therefore to keep our IT brains working
productively, it is necessary to give them a "Secure Cyber Space" to
work.
If India wants to be a super power in IT and Nasscom has
several plans to make this happen, it is also necessary to devote attention on
how we can secure the "Information Society" that gets created in the process.
If there is no security for the Information Asset, there is
no way India can hope to climb up the ladder of IT Super power structure.
Today, if there is a "hacking" incident, the victim can
only go to the Police for remedy. Unfortunately, the Police are still not
fully equipped to meet the aspirations of the people in tracing the hacker,
filing a case against him and getting compensation for the victim against any
losses that he might have suffered in the process.
In many other instances of loss of information asset
through a virus attack, or theft, the Police may not even be able to
help the information asset owners since the loss can be ascribed to their
negligence.
While the individual may accept the loss as a consequence
of his own negligence, the society has to recognize that whether the
"Loss of Information Asset" is due to negligence or otherwise, whether the
property is private or public, it is a loss to the nation. All such
losses ultimately have a cost on the society.
Since "Every Asset Saved is an Asset Earned",
"Information security" that prevents destruction of an information asset
already created is as valuable a service that we can provide to the IT
industry as any other facility provided for creating software.
Hence it becomes the responsibility of the Government to
think of a mechanism where by just as the Police and the Army
protect the physical assets of their citizens, there should be a mechanism by
which the virtual assets of the citizens are also protected. Such a mechanism
should go beyond creating a Cyber Police force or a Cyber Army and aim at
developing a holistic "Cyber Space Security Management Infrastructure"
This would be a necessary follow up to the creation of
Cyber Laws in the country.
What should be the intricacies of such Cyber Security
Management? What should be the role of private sector in such an
activity? What are the responsibilities of the Netizens in this regard?
....are issues that need debate.
naavi.org welcomes suggestions from the public in this
regard.
Naavi
October 26, 2002
