Indias Strategic Options in a Changing Cyberspace

Indias Strategic Options in a Changing Cyberspace

India’s Strategic Options in a Changing Cyberspace India’s Strategic Options in a Changing Cyberspace Cherian Samuel Munish Sharma INSTITUTE FOR DEFENCE STUDIES & ANALYSES NEW DELHI PENTAGON PRESS LLPLLP India’s Strategic Options in a Changing Cyberspace Cherian Samuel and Munish Sharma First Published in 2019 Copyright © Institute for Defence Studies and Analyses, New Delhi ISBN 978-93-86618-66-5 All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without first obtaining written permission of the copyright owner. Disclaimer: The views expressed in this book are those of the authors and do not necessarily reflect those of the Institute for Defence Studies and Analyses, or the Government of India. Published by PENTAGON PRESS LLP 206, Peacock Lane, Shahpur Jat New Delhi-110049 Phones: 011-64706243, 26491568 Telefax: 011-26490600 email: [email protected] website: www.pentagonpress.in In association with Institute for Defence Studies and Analyses No. 1, Development Enclave, New Delhi-110010 Phone: +91-11-26717983 Website: www.idsa.in Printed at Avantika Printers Private Limited. Contents Acknowledgements vii Abbreviations ix Introduction xi 1. Concepts and Definitions 1 2. Cyber Deterrence: The Emerging Landscape 12 3. The Geopolitics of Norms Building in Cyberspace 51 4. Active Cyber Defence: An Analysis 81 5. Critical Information Infrastructure Protection: National Practices and Perspectives 97 6. India’s Technology Challenges: Encryption, Quantum Computing and Artificial Intelligence 115 7. Public-Private Partnership in Cybersecurity: Opportunities and Challenges 143 8. India’s Strategic Options in a Changing Cyberspace 157 Recommendations 165 Index 169 Acknowledgements The seed for this publication was planted in the final meeting of the Project Review & Steering Group when Brig. Abhimanyu Ghosh of the NSCS suggested that the various reports be compiled together as a book. This proved to be more difficult than expected, but we persisted, nonetheless, in the desire to add to the existing body of knowledge and debate on cybersecurity. We would like to express our gratitude to the Ministry of Electronics and Information Technology for extending the grant to conduct the research. The Chairman and members of the Project Review & Steering Group – Mr. N. Sitaram, Brig. Ghosh, Dr. Ponnurangam Kumaraguru and Dr. P.S. Nageswara Rao – were generous with their time, providing extensive reviews, technical inputs, and constructive criticism. Former Dy. NSA Dr. Arvind Gupta and National Cyber Security Coordinator Dr. Gulshan Rai were constant sources of support and motivation; this book is only but a small contribution to their endeavours to expand research on cybersecurity within the country and making it part of the curriculum in academia and elsewhere. The Institute for Defence Studies and Analyses (IDSA) has been supporting policy research on cybersecurity for a long time, and this book is a testimony to IDSA’s continued commitment to policy relevant research and knowledge dissemination on security-related issues. The project, begun when Brig. Dahiya was at the helm of affairs, saw sustained support from Amb. Jayant Prasad when he took over as Director General IDSA, as well as Maj. Gen. Alok Deb, Deputy Director General. Gp. Capt. Ajey Lele fulfilled too many roles to mention, from sounding board to trouble shooter. We are truly thankful to the anonymous reviewers of the book, and to all the individuals who have either motivated or supported the research, writing, and publishing of this book, both in their professional or personal capacities. Thanks are also due to the IDSA establishment and library, the team of viii India’s Strategic Options in a Changing Cyberspace Mr. Rajan Arya at Pentagon Press, copy-editor Ms. Preeti Singh and Mr. Virender Negi for manuscript formatting. Additional project assistance was provided by Mr. Arul R. and Mr. Siddhartha Chandra Sekhar. Last but not the least, our sincere gratitude to the entire phalanx of interviewees, speakers, panelists, and participants of the workshops, roundtables and conferences organized as part of the research project – Cmde. A. Anand, Brig. Abhimanyu Ghosh [Retd.], Mr. Abhishek Bansal, Mr. Amit Sharma, Mr. Anand Shankar, Amb. Asoke Kumar Mukerji, Ms. Bhavna Saxena, Ms. Chinmayi Arun, Mr. Deepak Maheshwari, Lt. Gen. Aditya Singh [Retd.], Maj. Gen. Ajeet Bajpai [Retd.], Mr. Gigi Joseph, Dr. Govind, Dr. Kamlesh Bajaj, Ms. Liis Vihul, Brig. Manjeet Singh, Mr. Mayank Lau, Mr. NandkumarSaravade, Mr. P.K. Agarwal, Mr. Rahul Sharma, Col. Rakesh Pandey, Ms. Rama Vedashree, Col. Sachin Burman [Retd.], Mr. Salman Waris, Mr. Sanjay Kumar Verma, Mr. SastryTumuluri, Ms. Satya Gupta, Ms. Shuchita Thapar, Dr. Sunil Agarwal, Mr. V. Anand Kumar and Mr. Vinayak Godse – who generously contributed of their time and shared their experiences in face- to-face interviews as well as through a series of interactions and roundtables, each one of which was invaluable in terms of the quality of inputs and the expansion of existing knowledge. Others, who have preferred to remain anonymous, are also duly acknowledged. Cherian Samuel and Munish Sharma Abbreviations AES Advanced Encryption Standard APEC Asia-Pacific Economic Cooperation APT Advanced Persistent Threat ARF ASEAN Regional Forum ASEAN Association of Southeast Asian Nations CAC Cyberspace Administration of China C-DAC Centre for Development of Advanced Computing CERT Computer Emergency Response Team CI Critical Infrastructure CII Critical Information Infrastructure CISO Chief Information Security Officer COAI Cellular Operators Association of India CPNI Centre for the Protection of National Infrastructure DDoS Distributed Denial of Service DES Data Encryption Standard DHS Department of Homeland Security DIARA Defence Information Assurance and Research Agency DRDO Defence Research and Development Organisation DSCI Data Security Council of India DST Department of Science and Technology EU European Union ENISA European Union Agency for Network and Information Security GCCS Global Conference on Cyber Space GGE Group of Governmental Experts HQ-IDS HQ-Integrated Defence Staff x India’s Strategic Options in a Changing Cyberspace IAMAI Internet and Mobile Association of India ICANN Internet Corporation for Assigned Names and Numbers ICT Information and Communication Technology IDSA Institute of Defence Studies and Analyses IDRBT Institute for Development & Research in Banking Technology ISAC Information Sharing and Analysis Centre ISO International Organisation for Standardisation IT Information Technology ITU International Telecommunication Union JWG Joint Working Group MoD Ministry of Defence NASSCOM National Association of Software and Services Companies NATO North Atlantic Treaty Organisation NCIIPC National Critical Information Infrastructure Protection Centre NIC National Informatics Centre NIST National Institute of Standards and Technology NSA National Security Agency NSCS National Security Council Secretariat OECD Organisation for Economic Co-operation and Development PLA People’s Liberation Army PPP Public-Private Partnership R&D Research and Development S&T Science and Technology SCADA Supervisory Control And Data Acquisition SCO Shanghai Cooperation Organisation RAT Remote Access Trojan ReBIT Reserve Bank Information Technology STQC Standardisation Testing and Quality Certification UN United Nations USCYBERCOM US Cyber Command Introduction As policymakers have found out to their consternation, cybersecurity is a moving target, with threats and actors manifesting and mutating at astounding speeds, so much so that even the most nimble governments are finding it difficult to fashion a viable response even within their own domestic domains. Various measures, ranging from developing Public-Private Partnerships, to classifying and concentrating on securing critical infrastructure, or devising offensive capabilities—all suggested by cybersecurity experts—have not been able to stymie the deluge of malicious threats emanating from state, non- state, and state-sponsored actors. In the more innocent days of cyberspace, it was routinely referred to as a global commons, evoking visions of the various stakeholders coming together to develop norms and conventions to self-regulate their actions. The reasoning behind this was that this was the only way to further unleash innovation and creativity that had brought cyberspace into existence in the first place. Built on the principles of sharing, trust, and openness, security from malicious acts or software did not receive as much attention as it deserved. With rising economic costs and the national security implications of threats in and through cyberspace, calls for the rules of the road to regulate cyberspace have grown manifold. This has been sought to be achieved through the norms process wherein multiple stakeholders sat at the table to arrive at a consensus on various issues related to keeping cyberspace, “open, secure, stable, and free”. This was largely a Western formulation, and it became the dominant framework by virtue of the fact that much of the technology and capacity as well as private enterprises underpinning cyberspace resided in the Western world. Norm negotiations have straddled various forums in the multilateral, multi- stakeholder, technical, and functional spheres. The complexity of the issues to be negotiated, and the differing

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    194 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us