13 February 2014

Need for a strong cyber-security workforce

By Surya Kiran Sharma

Security forces in India were on red alert as Republic Day approached with all personnel busy guarding the vital installations and defending the country’s frontiers. However, little attention was paid to the cyber space as Pakistani hackers defaced over 2000 Indian websites on January 25, 2014, including that of Central Bank of India. The operation was called “#OP26jan” and its success reflects the lack of technological preparedness within the government to deal with such threats.

A whitepaper issued by The Associated Chambers of Commerce and Industry of India (ASSOCHAM) in collaboration with private services companyKPMG on October 15, 2013 has highlighted the lack of cyber security professionals in the country. India has at its disposal only 556 trained specialists to tackle cyber threats, a number which dwarfs in comparison to 91,000 in the United States and 1.25 lakh in China. These numbers become more relevant considering India has at around 74 million, the world’s third-largest internet using population, behind China and the US, and the country also has the world’s third-largest standing army.India lacked a stand-alone cyber security policy until the National Cyber Security Policy was launched in July 2013, which remains a draft document on what the government hopes to achieve. However, little action has since been taken to achieve the targets and objectives spelt out in the policy document resulting in a weak institutional structure to protect the country’s cyber space.

The Cyber Security Policy 2013 envisions creating a 500,000-strong workforce of professionals skilled in cyber security and fostering education and training programmes in the formal and informal sectors. These figures look difficult to achieve unless the government collaborates with academic institutions to tap the technical skills of students at the earliest level.Israel, the undisputed world leader in using technology for national security and defence, has paved the way for the establishment of a new model totap the resources available in universities and integrate those with the efforts of the defence forces and private companies. The inauguration of the Advanced Technology Park (ATP) on the campus of the Ben Gurion University in Be’er Sheva, Israel has facilitated the symbiotic integration of the tech companies in Israel with the defence forces and the academia, to bridge the gap between the country’s cyber-security preparedness and the level of technological sophistication of the forces that have identified internet as the new dimension of warfare.The ATP plays host to a number of private tech companies, like Deutsche Telekom and Oracle, who will collaborate with BGN Technologies, an entity of the University that commercialises academic research and assists the Israeli defence forces to secure the country’s cyber domain.

A report by Cisco published in January 2014 titled Annual Security Report 2014 also highlights the lack of adequate cyber security warriors available to the government. The report points out that Indian government websites have been breached over 1000 times in the past three years and the country is short of over 4 lakh professionals skilled in cyber security.An important reason for these regular attacks on the critical national data has been the failure on the government’s part to attract people with the requisite technical skills and expertise. The lack of competitive remunerations in comparison to what the private organisations are willing to pay forces the best minds to shun the government.

The government needs to work on capacity building and skill development if it wants to achieve the target of 500,000 cyber security professionals in the next five years. As internet becomes the fifth dimension of warfare after land, air, water and space, necessary steps need to be taken to develop forces capable of securing the country’s critical and sensitive information. Special educational institutions providing courses on cyber security need to be set up across the country with additional similar programs being run in the existing colleges. Training should be provided to acclimatise the responsible personnel with the latest changes in technology and the advancements in cyber domain.

The Indian Computer Emergency Response Team (CERT-In) has been earmarked as the umbrella agency to coordinate all cyber emergency and crisis response efforts and protect country’s software based infrastructureunder the cyber security policy. However, the government has sanctioned the creation of the National Cyber Coordination Centre (NCCC) to assess potential cyber threats and ensure better coordination between various intelligence agencies. A proposal has also been cleared to have National Technical Research Organisation (NTRO) take care of key infrastructure including power, telecommunications, railways and airport.

The need of the hour is a nodal organisation that supervises the cyber security efforts of various agencies involved in protecting India’s information structure. The armed forces have also been targeting aCommand Centre on the lines of the US Cyber Command (USCYBERCOM). The creation of all these institutions requires skilled personnel; a close partnership with the private sector and the academia is hence essential to realise the intended goals.

The concept of “Attack by Stratagem” states that fighting and conquering all battles is not supreme excellence; it lies in breaking the enemy’s resistance without fighting.As conflicts move away from battlefields and onto computers in air-conditioned rooms situated thousands of miles from the target, there is a need to concentrate efforts on creating acyber-security force adept at protecting country’s information and communication data and networks.

The author is an intern at CLAWS. Views expressed are personal.

No comments: