The problem


Edward Snowden, an information technology (IT) professional, was recently declared a fugitive by the United States for ‘revealing the secrets of state’ to the world, by accessing in an unauthorized manner the high security communication systems of the US and its allies. He breached the cyber security boundaries set by the US National Security Agency by accessing information in a clandestine manner for which he had no authority, as reported by the media. But then, so have the security agencies of his native country, which, along with its government’s allies, have on mere suspicion been surreptitiously snooping on the conversations of individuals across the globe who oppose their policies. The ease with which Snowden could break into the high security IT network at the global level should serve as a wake-up call for all nations as well as individuals using modes of communication such as a landline or mobile phones, an Internet connection, or even cable TV to view programmes in the secure environment of their family and home.

The domain of security amongst IT professionals is called cyber security. The software tools in the communication channels of today have the capability to transgress into our bedrooms through the same webcam one uses for Skype or Google video talk. The web camera on our computer is capable of picking up infrared signals from our bedroom even when the lights have been switched off! Hence, we can be under constant watch, if big brother so desires!

Since the 1980s, the Internet onslaught has been unrelenting, so much so that it has changed the world in an unprecedented manner. The cyberspace is an electronic world that has been created through interconnected networks of databases and the information contained therein. Its size can be gauged from the fact that it is a global commons used by over 1.3 billion persons every day through the exchange of ideas, services and friendships!

The G7 group of countries (comprising the USA, UK, France, Germany, Canada, Italy and Japan) has already established giant size databases that are interconnected. They are the owners of state of the art IT, communications, surveillance, space and encryption technology. Developing countries such as India, China, Brazil, Malaysia, Korea and Egypt too are gradually closing in with similar terabyte-sized databases integrated at multiple levels to ensure greater efficiency in governance.

Today, beginning with a Unique ID for the legal residents of a country to benefit from positive policies of the government, consumer banking, corporate financing, defence, agricultural and industrial production, driver licenses, land, house and business ownership records, medical and individual health/disease data, educated and technical manpower statistics, weather patterns, supply chain management, air traffic control, entrance examinations, electronic voting – all are gradually being loaded onto giant size databases, which in turn are linked through communication channels. If not already, they will be interconnected within a decade, even in the underdeveloped countries.

Further, with the use of satellite-based communications technology provided by developed countries and MNCs offering the services of giant size databases outside the physical boundaries of a nation, there is a genuine potential threat to the sovereignty of nations, particularly for the underdeveloped countries that are dependent on the technology imported from developed nations. This is another area that needs immediate attention. There is a real threat that these databases could be compromised and subverted by vested interests to both control as well as divert or manipulate the vital resources of nations in every sense of the word even before it becomes apparent.

In the world of crime too, cyber crimes have made a distinct mark. Phishing, identity theft, electronic money laundering, terrorism, sales and investment frauds, electronic funds transfer frauds and many others have been identified as falling in the domain of criminal acts. The police and law enforcement agencies of developing and underdeveloped countries are hardly trained, nor do they have much knowledge about this new area of criminal acts by professional fraudsters. Simultaneously, the judiciary which has to adjudicate such cases is often handicapped in arriving at a sound judgment in cases of cyber crime due to lack of technical knowledge.

In view of the above, there is an urgent need to introduce amendments to the laws that govern criminal acts so as to bring cyber crimes into their domain. Further, a comprehensive strategy to cope with this phenomenon is needed in this area. It has to start simultaneously at the bottom and the top. At the bottom, the law schools must run an exclusive compulsory course on cyber law/acts before a graduate gets a license to practice at the bar. At the top, the judiciary, coming from the old school, needs to be sent for remedial classes to acquire a minimal level of technical understanding about cyber security and crimes. Further, amongst the judiciary there has to be an exclusive and competent set of judges to adjudicate cases of cyber crime. Finally, at the law implementation level, intensive training programmes for lower, middle and senior officers of the police and paramilitary organizations are required to bring them up to par to combat cyber based crimes and cyber security violations. Fortunately, cyber crime cells have been created in every state’s police department, which is a step in the right direction.

Consequently, how cyber security will play a role in the new world order is of extreme importance for all nations. In this regard we need to prioritize the formulation of policy by countries for such a strategic area with roots in every walk of life. Fortunately, earlier this year, India’s CERT (Computer Emergency Response Team) unveiled a cyber security policy as well as amended the IT Act 2000.

The increasing interconnection of banks and insurance companies, the shift of the corporate sector and consumers to online transactions, the use of communication channels by the railways, defence and police for their day-to-day functioning, and the dependence of commodity prices and stock exchanges on IT resources have created a demand for continuously developing unbreakable indigenous encryption technology to ensure security and invincibility of national, public sector and corporate databases. This raises questions about how long the underdeveloped and developing nations will remain sovereign if the developed countries remain the sole suppliers of communications, surveillance and encryption technologies.

To counter such threats, developing nations need to be aware of the research and development in encryption technology being undertaken, including in India’s educational institutions and research laboratories. Simultaneously, we need to introduce an intensive curriculum at the undergraduate and postgraduate levels in the cyber security area under the IT, communications, computer and software engineering degree programmes.

With the mushrooming of private engineering colleges in the past decade in India, many institutions offer computer, communications, electronics and software engineering programmes. But their curriculum barely has any practical inputs and simulation laboratories related to cyber security. In fact, there is little incentive for the teaching faculty, well entrenched in permanent posts, to acquire professional qualifications, such as CISSP (Certified Information Systems Security Professional) or CCFP (Certified Cyber Forensic Professional) or SSCP (Systems Security Certified Professional) among others, in order to keep abreast of global industry standards in the area of cyber security. It is only through such steps that the next generation of IT professionals can be made aware of what is forthcoming and the challenges thereof to become competitive and maintain an edge at the global level in the IT sector. At the Ministry of IT and Communications, its CERT wing has indeed taken timely initiatives to fund R&D projects. Unfortunately, there is no project in the encryption and basic cyber security area currently being funded. For this, the academia from prestigious institutions like the IITs and IISc needs to come forward to work in this challenging field, a move which has been given top priority by the developed countries.

Simultaneously, both at the ministry and institutions such as IDSA (Institute for Defence Studies and Analyses), there needs to be greater awareness about the current state of the art IT and communications technology practised in the developed countries. Additionally, what is on the drawing boards and in the research labs of the developed nations needs to be monitored, analyzed and worked upon to take pre-emptive steps for unrolling a nation’s IT research and development funding plan, if we want to remain competitive as an IT service provider. Mere policies will not be sufficient in this area.

Last but not least, as communications technology is the cornerstone in defence and warfare, any infringement of its integrity cannot be ignored by any nation. No wonder the G7 countries have created a separate cyber warfare division in the strategic planning wing under their defence ministries. Even monitoring of terrorist threats after 9/11 is being carried out by sniffing all the emails that travel across the globe through extremely high speed surveillance systems and search engines at predetermined selected gateways cooperating with each other on this earth. Surely Klemens Wenzel von Metternich would be happy in his grave knowing what he developed as a surveillance strategy back in 1815 after the Congress of Vienna, is still being used in the 21st century.

AHMAD CAMERON
