Smart Indias cyber security

As we move ahead in implementing some of our nation-building projects like Make in India, Smart Cities Mission and Digital India that
endeavours to make India a digitally empowered society, our cyber security landscape is going to get more and more complex. With an
exponential increase in connected devices and Internet of Things, the attack surface will increase manifold. This highlights the need for a
comprehensive cyber security architecture that will not just prevent but also deter potential state and non state malevolent elements from
venturing into our cyberspace for espionage, for committing cyber crimes or for launching cyber attacks. It also underscores creating both
defensive and offensive capabilities, the latter being solely the prerogative of the government.
These programmes cater to the provisioning of safe and secure cyberspace in the country. However, given our current levels of digital
literacy and the rapid rate of technology change, it will be an uphill task to achieve the desired levels of cyber security in conformity with the
anticipated timelines.
Effective cyber security architecture must focus on people, processes and technology. However, the general trend the world over has been
to rely heavily on technology, which provides automated safeguards and associated processes while paying little attention to training and
empowering people to operate effectively in cyberspace. Resultantly, as observed by IBM in one of its reports, almost 95 per cent of
successful cyber attacks are on account of human error and only 5 per cent attributed to technology and processes.

Illustration: Bhaskaran

To ensure success of our nation-building initiatives, all organisations will have to focus on training not only their personnel but also the
people around their establishments. For the corporate sector, cyber security must become a vital concern. The corporate houses should
know that the cost of cyber crime for the global economy has been estimated at approximately $445 billion annually. Cyber security must
become a legal obligation and get included as an important facet of risk management, which generally remains confined to the regulatory
and investment risks. Suitable amendments to the Companies Act, 2013, could be considered for this purpose. Similarly, training people
residing around the production units could also be brought under the scope of corporate social responsibility.
To prevent errors due to carelessness and social engineering, technology and processes must be appropriately included in educational
curriculum models in all sectors. Keeping people abreast of the changes in technology and the modus operandi of malevolent elements is
necessary to ensure holistic awareness of the threats they face and the part they are expected to play in countering such threats.
Developing a cyber security mindset, where people are conscious of the cyber risks and are constantly on the lookout to identify cyber
threats, is important. It has been seen that while there is a better understanding of cyber security in government and public sector
organisations owing to the presence of institutionalised mechanisms for training and monitoring, it is somehow lacking in the private sector.
It may be of interest to note that despite possessing the best brains in information technology, India ranks 89th amidst 143 countries in the
Global Networked Readiness Index. It may, therefore, be prudent to review our Cyber Security Policy of 2013 and evolve a national cyber

security strategy that will highlight ends, ways and means to realise our national aspirations in a time-bound manner. A revised policy
framework must also help create an ecosystem that brings about optimal synergy, elicits unflinching accountability of all stakeholders,
prevents further brain drain and encourages some of our best brains abroad to come back. All concerned must remain committed to creating
an outstanding skilled force besides diligently empowering our people so that they remain relevant to the changing environment of a Smart
India.