Let's Build a Responsible Cyber Society




Will Digital Security Agency in India be a reality?

For the first time in India, there is now a talk of a “Digital Security Agency” of India to deal with Cyber Warfare, Cyber Counter Terrorism and Cyber Security of National Digital Assets.

For too long India has been talking of being an e-Super Power without addressing the issue of Digital Security. But now there is a hope. The hope has come in the form of an election manifesto from one of the major political parties of India namely the BJP. (Copy of the manifesto) released on 3rd April, 2009. 

While the Indian media headlines non-issues such as the Ram Temple, none of the reporters seem to have the desire or capability of understanding the possible impact of the Digital Security Agency to the IT industry in general and the economic situation in a recession hit industry in particular.

I urge the media to highlight these aspects.

A quick attempt is made here to highlight how the Digital Security Agency can make a difference to the economy of India.

The “Digital Security Agency” (DSA) is effectively an umbrella organization responsible for the security of “National Digital Assets”. National Digital Assets consist of e-Governance infrastructure as well as the key IT facilities in the country which may belong to the private sector.

We are aware that at present National Security threats emerge from not only conventional wars but also from terrorist activities which is meant to blead the economy.  Pakistan has been effectively using this strategy to make India commit crores of rupees on the deployment of security. However the conventional security agencies are unable to effectively deal with the dimension of wars and terrorist activities which happen in Cyber Space.

Today Cyber Terrorism takes many shapes. It may include planting of trojans and viruses on a mass scale to make the Information systems of a Country/region impotent. It may manifest in the form of Denial of Service Attacks on mission critical systems. It may involve mass defacement of websites. it may manifest in infection of websites with viruses which download onto the systems of any visitor. It may manifest in the form of hacking into e-mail accounts of key government functionaries and private sector corporate executives to spy on sensitive communication. It may also manifest in the form of Phishing attacks to drain the banking system or corrupting the E-Commerce system through credit card thefts and fraudulent usage. It can also manifest as W-Fi router hacking or domain name hijacking. It could also manifest in pornography and softwar piracy when they are  used to plant trojans and viruses. 

Information Security professionals know that all of the above incidents are “Cyber Crimes” and “Information Security Beach incidents”. But when these incidents occur simultaneously in large number of systems belomnging to one country or region, they become parts of Cyber Terrorism or Cyber wars.

Traditional Information Security mechanisms are unable to cope with the Cyber Terrorism or Cyber War threats (CTCW threats) because the attacks are sophisticated, backed by supply of adequate resources, backed by strong non commercial motivation and with the support of national Government resources. There are organized criminal gangs who are patronized by rogue Governments who shelter the criminals and their hosting facilities. It is just like the terrorist camps that are supported in Pakistan to train and attack India.

While ITA 2008 has made some attempt to proide legal backing for conduct of electronic surveillance and to bring Cyber terrorism to book, it still needs to be backed up by a National Cyber Security Agency which can focus on delivery of securitty on a national scale in the Cyber Space.

DSA can be a fulcrum for development of such a National Cyber Security Agency. First of all it can act as a coordinating agency for National Cyber Intelligence and integrate the activities of Cyber Crime policing in different states. It can also enter into cyber crime prevention treaties with other countries to ensure international cooperation agaisnt Cyber terror.

More importantly, when attacks emanate from a remote server, following the principle of “Hot Pursuit”, the rogue servers can be identified and disable with a counter Cyber attack. As a counter intelligence strategy it can counter hack, plant its own intelligence gathering mechanisms where required and defend the country against external aggression through cyber space.

In implementing a national security plan, the private sector IT agencies also need to be protected. Hence one layer of information security responsibilities in a private sector IT agency would be the responsibility of the DSA. Alternatively, it will be necessary for the private sector to cooperate and work along with the DSA in implementation of National Cyber Security plan. We may also recall that US is also planning a Cyber Security Act which may create a similar set up like DSA.

USA, UK and Australia have already committed billions of dollars investment for creating a national security information network. India will perhaps need an even larger investment. This investment would go into the development of hardware and software as well as creating a security manpower network. This has a potential for generating new employment and new industrial investments.

We need to look also at whether such investments will give a boost to domestic industry or result in drainage of foreign exchange. In this context, the BJP’s IT vision assumes importance. This vision envisages an aggressive support to the domestic hardware industry to make India compete with China. India is already a leading software producer and if some support is provided in R&D, it can continue to provide leadership in the software sector. We can even develop an indigenous OS or make Open source OS  with user friendly application package a foundation of Indian IT development.

 What India may critically need for this purpose is investment in production of an indigenous “Secure Computer System” where the PCB is designed entirely under the watchful eyes of CDAC or such other national agency which can ensure that the national interests are not compromised through hardware items with pre-installed bugs.

If therefore the IT vision is also rolled out, then the huge investments that are expected to be made in the DSA infrastructure would result in a boost to the recession hit IT industry. If IT industry in India revives, then it will also address the issue of employment generation, increased domestic consumer spending and the spin off benefits on other industries. In fact “Information Risk Management” would be a business verticle of its own which IT industry may start to focus on.

I wish industry managers to study the business potential of “Information Risk as a Business Paradigm” and bring out an industry guide to assist planners in the IT industry. May be some management institute in India such as the IIM Bangalore may take up such a study.

 Hence the concept of DSA is not only an attractive proposition from the security concern point of view but also could be a strategy for revival of the Indian economy.

We all know that the DSA is now only a concept in the manifesto of one political party. We donot know if the party will win and come to power. We also donot know if even after coming to power, the compulsions of coalition politics will allow all the manifesto declarations to be implemented. But still to an average Indian who can understand the power of IT, there is now a new found hope .. a hope that India can be an e-Super Power by being able to first protect and defend its own Cyber territory through a well conceived and well implemented DSA plan which will also revive the recession trend in the economy.

Let’s  “Dream.. Dream.. Dream..” like what was suggested by Dr Abdul Kalam and ”Hope..Hope.. and Hope” that things will roll out in such a manner that the National Cyber Security-2009 dream will come true.


April 04, 2009

Copy of Cyber Security Bill as available on April 5, 2009

IT Vision of BJP

Related Articles in Naavi.org:

BPO for BPOs, A Security Solution

Threats to Cyber Security, Vision-2009

Cyber Security Command for India recommended

 A Unified Approach to National Cyber Security

State level Cyber Law Advisory Group Required

National Netizen’s Rights Commission Required in India