27 July 2015

Column: Create a cyber deterrent


India must have a cyber corps of ethical hackers who identify Cyber warfare and hacking has become one of the biggest challenges today for every country. Worldwide, cyber criminals are stepping up their game and data breaches are becoming both common and devastating. Based on available information, the likely annual cost to the global economy from cyber crime is more than $400 billion. A conservative estimate would be losses of $300 billion, while the maximum could be as much as $600 billion. Even the smallest of these figures is more than the national income of most countries.

G-20 nations suffer the bulk of the losses and the losses from cyber crime for the four largest economies in the world (the US, China, Japan, and Germany) have been estimated to be to the tune of $200 billion. Low-income countries have smaller losses, but this will change as these countries increase their use of the internet and as cyber criminals move to exploit mobile platforms. Despite these alarming figures, unfortunately, most governments and companies underestimate how much risk they face from cyber crime and how quickly this risk can grow in future.

China deserves the bulk of the blame when it comes to computer-attack traffic. China accounted for over 40% of the world’s attack traffic, making the country a top source of cyber assaults. Findings of the global investigations reveal that China has set up sophisticated hacker networks across its geography. Some members are even connected to China’s military, though the extent of these official operations is unknown. When questioned, the Chinese government and its state-run media continue to deny its involvement in international hacking incidents though investigative agencies world wide keep pointing out to China. After China, the US is another home for members of some of the world’s most notorious hacker groups, accounting for nearly 10% of the global attack traffic. After China and the US, some of the other visible countries are Turkey, Russia, Taiwan, Brazil, Romania, India, Italy and Hungary. Based on reports, India accounts for nearly 2.5% of the world’s attack traffic.

While discussing the impact of these attacks on business and economy, most important cost of cyber crime, however, comes from its damage to company performance and to national economies. Cyber crime damages trade, competitiveness, innovation, and global economic growth. A company invests in research and development (R&D) to create new intellectual property (IP). They expect a certain return from their investment. If a competing product based on stolen IP appears in the market (an important qualification, as all stolen IP can be used), the expected return to the developer will be much smaller than expected.

After innovation loss, financial crime—the theft of financial assets through cyber intrusions—is the second-largest source of direct loss from cyber crime. The best data on cyber crime, unsurprisingly, comes from the financial sector.

Based on Nasscom data, globally around $114 billion is the total loss of cash in 12 months and $274 billion is the total loss of time for victims of cyber crime which means on an average 10 days were spent by victims to satisfactorily resolve hassles of cyber crime. In India, $4 billion is the total loss of cash in 12 months and with around $3.6 billion total loss of time for victims of cyber crime, an average 15 days were spent by victims to satisfactorily resolve hassles of cyber crime.

The theft of confidential business information is the third-largest cost from cyber crime and cyber espionage.

Business confidential information can be turned into immediate gain. The loss of investment information, exploration data, and sensitive commercial negotiation data can be used immediately. The damage to individual companies runs into the millions of dollars. For example, hacking of central banks or finance ministries could provide valuable economic information on the direction of markets or interest rates.

Efficient detection and handling of security incidents is a demanding and responsible task. Cyber attacks by their very nature are multi-dimensional and complex. A vast majority of cyber attacks can be damaging. To fortify national network and avert digital catastrophe, we strongly suggest the government create Indian cyber corps, a troop of ethical hacker volunteers in the country.

Once on board, the battalion of ethical hackers could be deployed all over to meticulously evaluate intruder’s threat by making attempts to break into their computer systems, something like what independent auditors do while verifying an organisation’s bookkeeping records. To gain quick results and achieve targets, they basically employ the same tools and techniques used by the intruders to investigate the security gaps, and vulnerabilities without damaging the target systems. Once the investigation process is complete, the team will report to the respective owners of the systems (government/semi-government/private) with the vulnerabilities they found and instructions on how to eliminate such security gaps.

This will have great use in future cyber wars too. In case of need, these cyber troops could penetrate enemy networks and bring them down. China reportedly has the largest number of such troopers while India lags behind. The government would be unable to create this and the only hope is an independent civilian troop of ethical hackers available to the government in times of need, whose sheer capability would deter enemy attacks. Creating them would also enhance cyber security on a massive scale as it would focus attention on creating such skills, investing in cyber security, research, etc, on a massive scale to be a deterrent. In the future, a cyber deterrent could be more valuable than a nuclear deterrent.

Pai is chairman, Aarin Capital Partners, and Srivastava is an independent policy and strategy consultant.

No comments: