Indo-US Attempt to Bite the Illegal Bytes

  • Prasad P. Rane
    Prasad P. Rane was Associate Fellow at the Institute for Defence Studies and Analyses, New Delhi. read more

Of the several agreements signed during the recently concluded US presidential visit to India, one initiative that has been lost to sight is on Cyber Crimes. As part of the larger counter-terrorism effort and realizing the importance of cyber security and cyber forensic research, India and the US have agreed to enhance cooperation to tackle Cyber Crime. This will lead to a greater sharing of expertise in the areas of tracing computer viruses and software worms and network analysis. The agencies involved in this exercise will be the Indian Computer Emergency Response Team (CERT-IN) under the Department of Information Technology and the United States Cyber Security Division. The joint statement released after the talks between Manmohan Singh and George Bush also stated that the two countries would be discussing a draft protocol on cyber security.

As a part of the larger counter terrorism dialogue, former Indian Prime Minister Atal Bihari Vajpayee and President Bush had agreed to set up an India-US cyber security forum in November 2001. Under the auspices of this forum, high power delegations from both sides met for the first plenary in the National Security Council Secretariat (NSCS) on April 29-30, 2002. Since then three plenary meetings have taken place, the third one was held on January 17, 2006.

The 21st century international system is inter-connected with information highways, and Information Technology (IT) has become the buzzword. Speaking philosophically, while the industrial revolution had already “solved” the problem of food, the information revolution solved the problem of “problems”. After the initial euphoria subsided, the world slowly started realizing the shortcomings of this information revolution, which had eradicated the problem of “problems” only to lead to an even greater problem. IT can be called an enabling technology, for it enables the user to solve the problem by providing multiple solutions to the problem. The masters of binary logic who are also called computer wizards are responsible for this. But there is another breed of computer wizards who are responsible for cyber crimes. These cyber crimes encompass several nefarious activities like propagating disinformation, defacing websites, spreading computer viruses and software worms, phishing and hacking. Visualizing the problems ahead, a common vision is required to ensure cyber security and prevent cyber crimes.

As is widely acknowledged, terrorism is a threat in all it forms and manifestation. Cyber terrorism is the convergence of terrorism and cyberspace. It is an unlawful attack and threat against computers, networks, and the information stored therein. It is a tool that has the capacity to paralyse a certain network. Such attacks are used to threaten or coerce a government or its people for promoting certain political or social objectives. In an age where information has become a currency of power and sensitive sectors like finance are networked via the Internet, cyber security has become an area of great concern. For countries like the US, an information superpower, and India, which has adopted the information revolution, securing cyber space and information networks has become a tightrope walk. Against this backdrop, the Indo-US Cyber Security forum has proved to be a platform for exchanging views on cyber security. These plenary meetings can also be seen as a tool to shape the Indo-US Strategic Partnership.

As stated above, the Indian Prime Minister and the US President have agreed to enhance co-operation between the law enforcement agencies of the two countries to tackle cyber crimes. The two countries are also carrying out discussions on a draft protocol on cyber security. At the 3rd plenary, which concluded on January 17, 2006, several new initiatives were announced. It was decided to set up an India Information Sharing and Analysis Centre (ISAC) for better co-operation in anti-hacking measures as well as an India Anti-Bot Alliance to raise awareness about the emerging threats in cyberspace by the Confederation of Indian Industry (CII), in consultation with their US counterpart. It was also decided that the ongoing cooperation between India’s Standardization, Testing and Quality Certification (STQC) and the US National Institute of Standards and Technology (NIST) will be expanded to newer areas including harmonization of standards. The R&D Working Group will concentrate on hard problems of cyber security, cyber forensics and anti-spam research. In a way, discussions during the plenary meetings chalked the way for intensifying bilateral cooperation to control cyber crime between India and the US. But the question to be addressed is: is it enough?

Looking at the pace of developments in the field of information technology, these initiatives should pave the way for more institutionalised efforts. There is a need for institutionalising a framework to address the problem of cyber crimes by taking inputs and sharing information from law enforcement agencies of the two countries. The number of Indian websites facing the problem of defacement is alarming. CERT-IN reported that Indian websites were defaced 4824 times in the year 2005 alone. As most Indian financial institutions like banks and stock markets have opted for E-Commerce, the rate of defacement may lead to another worry, viz., phishing crimes. CERT-IN underlines phishing as a widespread targeted financial scam in which social engineering and spyware/malicious code methods are used to steal personal and financial data such as credit card numbers, account usernames, passwords and social security numbers of Internet users. Given the growing electronic interdependencies and the imperative of protecting electronic transactions and critical infrastructure, there is a need for joint research projects in the field of information technology, which would give an opportunity for scientists from both sides to conduct collaborative research. The gravity of cyber crimes increases with the potential of hackers to hack defence-related websites and create chaos. The mere thought of defacement of defence and nuclear energy related websites sends shivers down the spine.

Though India has not yet experienced a full-fledged cyber attack paralysing the system, given its vitality the strategic community should include cyber security in the mainstream discourse. The Indo-US agreement in this context has marked a new beginning. This initiative will hopefully not lose out to other conventional areas.

Keywords: Cyber Security, India-US Relations