Simply stated, internet governance implies the evolving policies and mechanisms under, which the internet community’s several stakeholders arrive at decisions about the development and use of the worldwide web. As technology and the usage of the internet made rapid strides, so did the discussions and debates around how the internet should ideally be governed, on the back of increasing cyber-attacks and threats. As we move forward and become more digitally dependent, such threats and crimes are bound to snow-ball. Hence having a strong and well entrenched governance mechanism is no more a matter of choice, but rather a matter of indispensability. At the same time, we need to protect the very basic essence of the internet – its freeness!
Internet governance covers a whole variety of issues – from technical and operational functions of the internet to public policy issues such as fighting cybercrimes, for that matter. Another school of thought cites internet governance to be one of the top priorities in the geo-strategic battles among big powers. They believe that every world conflict has an internet laced component and there can be no international security without cyber security.
Therefore, it is but natural that, cyber security needs to be incorporated in every aspect of policy and planning. India is today a quintessentially digital and knowledge based economy, with pioneering programs such as Aadhaar, MyGov, e-Market, DigiLocker, BharatNet, Startup India, Skill India, and Smart Cities transforming India, in ways, hitherto unfathomed. India’s ICT sector is projected to reach USD 225 billion landmark by 2020. The startup ecosystem, mostly IT based, is bustling in the country.
However, everything that is a boon, comes with its own share of bane and technology is not an exception. Premium connectivity, increasing integration in commerce and governance, technological advancements have also made India the fifth most vulnerable country in the world in terms of cybersecurity breaches, as per the Internal Security Threat Report of 2017 by Symantec. As technology and innovations evolve further, cyber-crimes will evolve too and cyber criminals will be coming up with newer and smarter ways to wreak havoc.
Consider policy initiatives such as Digital India, Cashless Economy, Smart City Project, and others, which hinges largely on internet-infrastructure and connectivity. Connected devices, IoT, and emerging technologies such as AI, VR, robotics, device agnostic tech solutions, will further push the envelope for India becoming a truly digital economic superpower.
The government has committed to equip all railway stations and trains with wi-fi, Niti Aayog to set up a national program to put in efforts in the domain of AI, Aadhar linking will be given further push, 5G adoption will be accelerated and the Department of Telecom will support the establishment of indigenous test bed at IIT Chennai. The budget also emphasized governments interest to invest heavily in robotics, big data, quantum computing, and IoT. The industry is collectively welcoming such progressive moves. What is paramount now is – efficient internet governance and focus on cyber security – in the wake of growing incidences of ransomware, malware and the like. The bank fraud and the one that crippled the online food discovery platform Zomato, last year, are some cases in point. The recent Facebook’s data leak, which affected millions a week ago, explains how much being vulnerable in the cyber world, could mean for individuals and businesses and how much harm it can cause in the real world. As we get more and more connected by the day, networks, infrastructure and devices are poised to be more and more vulnerable.
Data driven innovations cannot be scaled without adequate privacy safeguards and gaining users’ trust. Data protection and privacy should be systematic. Legislations coupled with efficient implementation ecosystem are the need of the hour. Governance mechanisms such as checks and controls, effective grievance redressal systems, citizen’s awareness, strongly enforced light touch laws – can play an instrumental role in protecting the country from cyber security breaches.
Also, considering the scale, volume and complexity of transactions that happen on digital platforms and the number of people involved in such trades, it may not be feasible to create an ex ante compliance system. Hence, the policy must take into account the fact, that apart from government’s intervention, organizations need to adopt best practices and demonstrate that they are accountable to their users. Awareness and best-in-class cyber security solutions and practices can play a decisive role in curbing such mayhem.
Last year, data breaches had hit new lows. Globally, millions of people were impacted as cyber criminals stole information via phishing emails, watering hole attacks and ransomware. Organizations lost cash, reputation and sensitive information and individuals faced financial crisis due to breaches in bank accounts. Data security and privacy are growing concerns these days, be it individuals or enterprise, everyone with a device or on a network is at risk.
The good news is that, most of such untoward incidences can be prevented or at least managed, through better governance of the internet (both at policy as well as organizational levels), public-private partnerships based concerted efforts and awareness at the end-consumer level. Consumers can better secure their environment by using two-factor authentication when conducting sensitive online transactions on their mobile devices, instead of using static passwords; observe proper security protocols when using public wi-fi networks, be cautious while conducting wireless transactions where data encryption is not there – making data vulnerable to be intercepted and misused.
Moreover, many smartphones today contain malware that consumers download unknowingly. These are often disguised as games, security patches and other utility applications. Amalgamate it with lack of data encryption, your mobile and the sensitive information it contains, are in for unauthorized access and misuse. Other issues include dearth of legitimate and well- crafted security software, outdated operating systems, lack of regular security updates, outdated software patches, use of unsecured wi-fi network and lack of firewalls.
The government can take steps to fight cybercrime, by launching reformative measures, come up with industry friendly policies and regulations and upskill people and organizations as a part of the National Digital Literacy Mission. An increased investment in Research and Development for the Digital Economy and a responsive and sprightly legal framework is also the need of the hour. Implementing advanced security enabled government infrastructure to mitigate risks of breaches would also help in ensuring data privacy. The Cyber Swachchta mission is indeed a highly commendable initiative.
Organizations should be allowed to craft their own privacy programs, based on broad principles and specific requirements, instead of prescribing them privacy practices in the form of administrative requirements or imposing on them audit and assessment standards. The idea is to improve internal governance mechanisms in organizations without introducing red-tapism and bureaucracy.
Organizations will be permitted to self-regulate, but at the same time, will be held accountable for any breach of trust. A multi-stakeholder consultative model is best suited for a country like India where all stakeholders can work with the government and do their bit for a safe and secure India.
India needs an updated cyber security policy, good infrastructure, and collaboration between stakeholders to establish a secure cyberspace. Minister of Communications Manoj Sinha said at the Global Conference on Cyberspace 2017, that there need to be a global call to action for all United Nations member nations to not attack the core of the Internet even when in a state of war. Cyber warfare between nations is no more an unknown fact.
There is a dire need for a Geneva-like convention to agree on some high-level recommendations among nations to keep the internet safe, open, universal, and interoperable.
Cyber security should be integrated in every aspect of policy and planning. The growing number of online users in India and affordable accessibility solutions are preparing the ground for increased threats and therefore, calling for better threat mitigation mechanisms. The government is keen to invest in R&D toward creating a robust cybersecurity policy framework and that is truly praiseworthy. The government has offered a grant of `5 crore to startups working on innovations in the field of cybersecurity.